@eggjs/dal-runtime 3.33.0

package/dist/src/DataSource.js

@@ -0,0 +1,78 @@
+"use strict";
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var _DataSource_instances, _DataSource_paginateCount;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DataSource = void 0;
+const TableModelInstanceBuilder_1 = require("./TableModelInstanceBuilder");
+const PAGINATE_COUNT_WRAPPER = ['SELECT COUNT(0) as count FROM (', ') AS T'];
+class DataSource {
+    constructor(tableModel, mysqlDataSource, sqlMap) {
+        _DataSource_instances.add(this);
+        this.tableModel = tableModel;
+        this.mysqlDataSource = mysqlDataSource;
+        this.sqlMap = sqlMap;
+    }
+    generateSql(sqlName, data) {
+        const sql = this.sqlMap.generate(sqlName, data, this.mysqlDataSource.timezone);
+        const sqlType = this.sqlMap.getType(sqlName);
+        const template = this.sqlMap.getTemplateString(sqlName);
+        return {
+            sql,
+            sqlType,
+            template,
+        };
+    }
+    async count(sqlName, data) {
+        const newData = Object.assign({ $$count: true }, data);
+        const executeSql = this.generateSql(sqlName, newData);
+        return await __classPrivateFieldGet(this, _DataSource_instances, "m", _DataSource_paginateCount).call(this, executeSql.sql);
+    }
+    async execute(sqlName, data) {
+        const executeSql = this.generateSql(sqlName, data);
+        const rows = await this.mysqlDataSource.query(executeSql.sql);
+        return rows.map(t => {
+            return TableModelInstanceBuilder_1.TableModelInstanceBuilder.buildInstance(this.tableModel, t);
+        });
+    }
+    async executeRaw(sqlName, data) {
+        const executeSql = this.generateSql(sqlName, data);
+        return await this.mysqlDataSource.query(executeSql.sql);
+    }
+    async executeScalar(sqlName, data) {
+        const ret = await this.execute(sqlName, data);
+        if (!Array.isArray(ret))
+            return ret || null;
+        return ret[0] || null;
+    }
+    async executeRawScalar(sqlName, data) {
+        const ret = await this.executeRaw(sqlName, data);
+        if (!Array.isArray(ret))
+            return (ret || null);
+        return ret[0] || null;
+    }
+    async paginate(sqlName, data, currentPage, perPageCount) {
+        const limit = `LIMIT ${(currentPage - 1) * perPageCount}, ${perPageCount}`;
+        const sql = this.generateSql(sqlName, data).sql + ' ' + limit;
+        const countSql = this.generateSql(sqlName, Object.assign({ $$count: true }, data)).sql;
+        const ret = await Promise.all([
+            this.mysqlDataSource.query(sql),
+            __classPrivateFieldGet(this, _DataSource_instances, "m", _DataSource_paginateCount).call(this, countSql),
+        ]);
+        return {
+            total: ret[1],
+            pageNum: currentPage,
+            rows: ret[0].map(t => TableModelInstanceBuilder_1.TableModelInstanceBuilder.buildInstance(this.tableModel, t)),
+        };
+    }
+}
+exports.DataSource = DataSource;
+_DataSource_instances = new WeakSet(), _DataSource_paginateCount = async function _DataSource_paginateCount(baseSQL) {
+    const sql = `${PAGINATE_COUNT_WRAPPER[0]}${baseSQL}${PAGINATE_COUNT_WRAPPER[1]}`;
+    const result = await this.mysqlDataSource.query(sql);
+    return result[0].count;
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiRGF0YVNvdXJjZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9EYXRhU291cmNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7OztBQUdBLDJFQUF3RTtBQVF4RSxNQUFNLHNCQUFzQixHQUFHLENBQUUsaUNBQWlDLEVBQUUsUUFBUSxDQUFFLENBQUM7QUFFL0UsTUFBYSxVQUFVO0lBS3JCLFlBQVksVUFBeUIsRUFBRSxlQUFnQyxFQUFFLE1BQW1COztRQUMxRixJQUFJLENBQUMsVUFBVSxHQUFHLFVBQVUsQ0FBQztRQUM3QixJQUFJLENBQUMsZUFBZSxHQUFHLGVBQWUsQ0FBQztRQUN2QyxJQUFJLENBQUMsTUFBTSxHQUFHLE1BQU0sQ0FBQztJQUN2QixDQUFDO0lBRU8sV0FBVyxDQUFDLE9BQWUsRUFBRSxJQUFZO1FBQy9DLE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLE9BQU8sRUFBRSxJQUFJLEVBQUUsSUFBSSxDQUFDLGVBQWUsQ0FBQyxRQUFTLENBQUMsQ0FBQztRQUNoRixNQUFNLE9BQU8sR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUM3QyxNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ3hELE9BQU87WUFDTCxHQUFHO1lBQ0gsT0FBTztZQUNQLFFBQVE7U0FDVCxDQUFDO0lBQ0osQ0FBQztJQUVELEtBQUssQ0FBQyxLQUFLLENBQUMsT0FBZSxFQUFFLElBQVU7UUFDckMsTUFBTSxPQUFPLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQyxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsRUFBRSxJQUFJLENBQUMsQ0FBQztRQUN2RCxNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsV0FBVyxDQUFDLE9BQU8sRUFBRSxPQUFPLENBQUMsQ0FBQztRQUN0RCxPQUFPLE1BQU0sdUJBQUEsSUFBSSx3REFBZSxNQUFuQixJQUFJLEVBQWdCLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUNuRCxDQUFDO0lBRUQsS0FBSyxDQUFDLE9BQU8sQ0FBQyxPQUFlLEVBQUUsSUFBVTtRQUN2QyxNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsV0FBVyxDQUFDLE9BQU8sRUFBRSxJQUFJLENBQUMsQ0FBQztRQUNuRCxNQUFNLElBQUksR0FBRyxNQUFNLElBQUksQ0FBQyxlQUFlLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUM5RCxPQUFPLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUU7WUFDbEIsT0FBTyxxREFBeUIsQ0FBQyxhQUFhLENBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDLENBQUMsQ0FBQztRQUNyRSxDQUFDLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxLQUFLLENBQUMsVUFBVSxDQUFDLE9BQWUsRUFBRSxJQUFVO1FBQzFDLE1BQU0sVUFBVSxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsT0FBTyxFQUFFLElBQUksQ0FBQyxDQUFDO1FBQ25ELE9BQU8sTUFBTSxJQUFJLENBQUMsZUFBZSxDQUFDLEtBQUssQ0FBQyxVQUFVLENBQUMsR0FBRyxDQUFDLENBQUM7SUFDMUQsQ0FBQztJQUVELEtBQUssQ0FBQyxhQUFhLENBQUMsT0FBZSxFQUFFLElBQVU7UUFDN0MsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsT0FBTyxDQUFDLE9BQU8sRUFBRSxJQUFJLENBQUMsQ0FBQztRQUM5QyxJQUFJLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUM7WUFBRSxPQUFPLEdBQUcsSUFBSSxJQUFJLENBQUM7UUFDNUMsT0FBTyxHQUFHLENBQUMsQ0FBQyxDQUFDLElBQUksSUFBSSxDQUFDO0lBQ3hCLENBQUM7SUFFRCxLQUFLLENBQUMsZ0JBQWdCLENBQUMsT0FBZSxFQUFFLElBQVU7UUFDaEQsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLE9BQU8sRUFBRSxJQUFJLENBQUMsQ0FBQztRQUNqRCxJQUFJLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUM7WUFBRSxPQUFPLENBQUMsR0FBRyxJQUFJLElBQUksQ0FBUSxDQUFDO1FBQ3JELE9BQU8sR0FBRyxDQUFDLENBQUMsQ0FBQyxJQUFJLElBQUksQ0FBQztJQUN4QixDQUFDO0lBRUQsS0FBSyxDQUFDLFFBQVEsQ0FBQyxPQUFlLEVBQUUsSUFBUyxFQUFFLFdBQW1CLEVBQUUsWUFBb0I7UUFDbEYsTUFBTSxLQUFLLEdBQUcsU0FBUyxDQUFDLFdBQVcsR0FBRyxDQUFDLENBQUMsR0FBRyxZQUFZLEtBQUssWUFBWSxFQUFFLENBQUM7UUFDM0UsTUFBTSxHQUFHLEdBQUcsSUFBSSxDQUFDLFdBQVcsQ0FBQyxPQUFPLEVBQUUsSUFBSSxDQUFDLENBQUMsR0FBRyxHQUFHLEdBQUcsR0FBRyxLQUFLLENBQUM7UUFDOUQsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLFdBQVcsQ0FBQyxPQUFPLEVBQUUsTUFBTSxDQUFDLE1BQU0sQ0FBQyxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsRUFBRSxJQUFJLENBQUMsQ0FBQyxDQUFDLEdBQUcsQ0FBQztRQUd2RixNQUFNLEdBQUcsR0FBRyxNQUFNLE9BQU8sQ0FBQyxHQUFHLENBQUM7WUFDNUIsSUFBSSxDQUFDLGVBQWUsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDO1lBQy9CLHVCQUFBLElBQUksd0RBQWUsTUFBbkIsSUFBSSxFQUFnQixRQUFRLENBQUM7U0FDOUIsQ0FBQyxDQUFDO1FBRUgsT0FBTztZQUNMLEtBQUssRUFBRSxHQUFHLENBQUMsQ0FBQyxDQUFDO1lBQ2IsT0FBTyxFQUFFLFdBQVc7WUFDcEIsSUFBSSxFQUFFLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxxREFBeUIsQ0FBQyxhQUFhLENBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDLENBQUMsQ0FBQztTQUNuRixDQUFDO0lBQ0osQ0FBQztDQVNGO0FBOUVELGdDQThFQzttRUFQQyxLQUFLLG9DQUFnQixPQUFlO0lBQ2xDLE1BQU0sR0FBRyxHQUFHLEdBQUcsc0JBQXNCLENBQUMsQ0FBQyxDQUFDLEdBQUcsT0FBTyxHQUFHLHNCQUFzQixDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUM7SUFFakYsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsZUFBZSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUVyRCxPQUFPLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUM7QUFDekIsQ0FBQyJ9

package/dist/src/MySqlDataSource.d.ts

@@ -0,0 +1,15 @@
+import type { RDSClientOptions } from '@eggjs/rds/lib/types';
+import Base from 'sdk-base';
+export interface DataSourceOptions extends RDSClientOptions {
+    name: string;
+    initSql?: string;
+}
+export declare class MysqlDataSource extends Base {
+    private readonly client;
+    private readonly initSql;
+    readonly name: string;
+    readonly timezone?: string;
+    constructor(options: DataSourceOptions);
+    protected _init(): Promise<void>;
+    query<T = any>(sql: string): Promise<T>;
+}

package/dist/src/MySqlDataSource.js

@@ -0,0 +1,33 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MysqlDataSource = void 0;
+const rds_1 = require("@eggjs/rds");
+const sdk_base_1 = __importDefault(require("sdk-base"));
+const DEFAULT_OPTIONS = {
+    supportBigNumbers: true,
+    bigNumberStrings: true,
+    trace: true,
+};
+class MysqlDataSource extends sdk_base_1.default {
+    constructor(options) {
+        super({ initMethod: '_init' });
+        const { name, initSql, ...mysqlOptions } = options;
+        this.client = new rds_1.RDSClient(Object.assign({}, DEFAULT_OPTIONS, mysqlOptions));
+        this.initSql = initSql ?? 'SELECT 1 + 1';
+        this.name = name;
+        this.timezone = options.timezone;
+    }
+    async _init() {
+        if (this.initSql) {
+            await this.client.query(this.initSql);
+        }
+    }
+    async query(sql) {
+        return this.client.query(sql);
+    }
+}
+exports.MysqlDataSource = MysqlDataSource;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiTXlTcWxEYXRhU291cmNlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL015U3FsRGF0YVNvdXJjZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7QUFBQSxvQ0FBdUM7QUFHdkMsd0RBQTRCO0FBUTVCLE1BQU0sZUFBZSxHQUFxQjtJQUN4QyxpQkFBaUIsRUFBRSxJQUFJO0lBQ3ZCLGdCQUFnQixFQUFFLElBQUk7SUFDdEIsS0FBSyxFQUFFLElBQUk7Q0FDWixDQUFDO0FBRUYsTUFBYSxlQUFnQixTQUFRLGtCQUFJO0lBTXZDLFlBQVksT0FBMEI7UUFDcEMsS0FBSyxDQUFDLEVBQUUsVUFBVSxFQUFFLE9BQU8sRUFBRSxDQUFDLENBQUM7UUFDL0IsTUFBTSxFQUFFLElBQUksRUFBRSxPQUFPLEVBQUUsR0FBRyxZQUFZLEVBQUUsR0FBRyxPQUFPLENBQUM7UUFDbkQsSUFBSSxDQUFDLE1BQU0sR0FBRyxJQUFJLGVBQVMsQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLEVBQUUsRUFBRSxlQUFlLEVBQUUsWUFBWSxDQUFDLENBQUMsQ0FBQztRQUM5RSxJQUFJLENBQUMsT0FBTyxHQUFHLE9BQU8sSUFBSSxjQUFjLENBQUM7UUFDekMsSUFBSSxDQUFDLElBQUksR0FBRyxJQUFJLENBQUM7UUFDakIsSUFBSSxDQUFDLFFBQVEsR0FBRyxPQUFPLENBQUMsUUFBUSxDQUFDO0lBQ25DLENBQUM7SUFFUyxLQUFLLENBQUMsS0FBSztRQUNuQixJQUFJLElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUNqQixNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUN4QyxDQUFDO0lBQ0gsQ0FBQztJQUVELEtBQUssQ0FBQyxLQUFLLENBQVUsR0FBVztRQUM5QixPQUFPLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQ2hDLENBQUM7Q0FDRjtBQXhCRCwwQ0F3QkMifQ==

package/dist/src/NunjucksConverter.d.ts

@@ -0,0 +1,73 @@
+export declare class NunjucksConverter {
+    /**
+     * 将变量 HTML 转义的逻辑改为 MySQL 防注入转义
+     *
+     * eg:
+     *
+     *   output += runtime.suppressValue(runtime.contextOrFrameLookup(context, frame, "allColumns")
+     *
+     *   转换为
+     *
+     *   output += runtime.escapeSQL.call(this, "allColumns", runtime.contextOrFrameLookup(context,  frame, "allColumns")
+     *
+     * @param {String} code 转换前的代码
+     * @return {String} 转换后的代码
+     */
+    static convertNormalVariableCode(code: string): string;
+    /**
+     * 三目运算的 MySQL 防注入转义
+     *
+     * eg:
+     *
+     *   output += runtime.suppressValue((runtime.contextOrFrameLookup(context, frame, "$gmtCreate") !== \
+     *     runtime.contextOrFrameLookup(context, frame, "undefined")?runtime.contextOrFrameLookup(context,\
+     *     frame, "$gmtCreate"):"NOW()"), env.opts.autoescape);
+     *
+     *   转换为
+     *
+     *   output += runtime.suppressValue((runtime.contextOrFrameLookup(...) != ...) ?
+     *     runtime.escapeSQL.call(this, "...", runtime.contextOrFrameLookup(...)) :
+     *     ...)
+     *
+     * @param {String} code 转换前的代码
+     * @return {String} 转换后的代码
+     */
+    static convertTernaryCode(code: string): string;
+    /**
+     * 对象的属性，如 `user.id` 防注入转义
+     *
+     * eg:
+     *   output += runtime.suppressValue(runtime.memberLookup(\
+     *     (runtime.contextOrFrameLookup(context, frame, "user")),"id"), env.opts.autoescape);
+     *
+     * 转换为
+     *
+     *   output += runtime.escapeSQL.call(this, "<...>", runtime.memberLookup(...), env.opts.autoescape);
+     *
+     * 由于 escapeSQL 中是根据 key 与预定义 block 匹配决定是否转义，而 memberLookup 的状态下总的 key 肯定不会匹配，
+     * 所以找一个绝对不会匹配的 "<...>" 传入。事实上它可以是任意一个不会被匹配的字符串，比如说 ">_<" 等。
+     *
+     * @param {String} code 转换前的代码
+     * @return {String} 转换后的代码
+     */
+    static convertNestedObjectCode(code: string): string;
+    /**
+     * For 中的 `t_xxx` 要被转义：
+     *
+     * eg:
+     *   frame.set("...", t_...);
+     *   ...
+     *   output += runtime.suppressValue(t_.., env.opts.autoscape);
+     *
+     * 转换为
+     *
+     *   output += runtime.escapeSQL.call(this, "for.t_...", t_..., env.opts.autoescape);
+     *
+     * 由于 escapeSQL 中是根据 key 与预定义 block 匹配决定是否转义，而 memberLookup 的状态下总的 key 肯定不会匹配，
+     * 所以找一个绝对不会匹配的 "for.t_..." 传入。事实上它可以是任意一个不会被匹配的字符串，比如说 ">_<" 等。
+     *
+     * @param {String} code 转换前的代码
+     * @return {String} 转换后的代码
+     */
+    static convertValueInsideFor(code: string): string;
+}

package/dist/src/NunjucksConverter.js

@@ -0,0 +1,97 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NunjucksConverter = void 0;
+class NunjucksConverter {
+    /**
+     * 将变量 HTML 转义的逻辑改为 MySQL 防注入转义
+     *
+     * eg:
+     *
+     *   output += runtime.suppressValue(runtime.contextOrFrameLookup(context, frame, "allColumns")
+     *
+     *   转换为
+     *
+     *   output += runtime.escapeSQL.call(this, "allColumns", runtime.contextOrFrameLookup(context,  frame, "allColumns")
+     *
+     * @param {String} code 转换前的代码
+     * @return {String} 转换后的代码
+     */
+    static convertNormalVariableCode(code) {
+        return code.replace(/\Woutput\W*?\+=\W*?runtime\.suppressValue\(runtime\.contextOrFrameLookup\((.+?),(.*?),\W*?"(.+?)"\)/g, '\noutput += runtime.escapeSQL.call(this, "$3", runtime.contextOrFrameLookup($1, $2, "$3")');
+    }
+    /**
+     * 三目运算的 MySQL 防注入转义
+     *
+     * eg:
+     *
+     *   output += runtime.suppressValue((runtime.contextOrFrameLookup(context, frame, "$gmtCreate") !== \
+     *     runtime.contextOrFrameLookup(context, frame, "undefined")?runtime.contextOrFrameLookup(context,\
+     *     frame, "$gmtCreate"):"NOW()"), env.opts.autoescape);
+     *
+     *   转换为
+     *
+     *   output += runtime.suppressValue((runtime.contextOrFrameLookup(...) != ...) ?
+     *     runtime.escapeSQL.call(this, "...", runtime.contextOrFrameLookup(...)) :
+     *     ...)
+     *
+     * @param {String} code 转换前的代码
+     * @return {String} 转换后的代码
+     */
+    static convertTernaryCode(code) {
+        // 先找到所有的 runtime.suppressValue((...?...:...), env...)
+        const ternaryBefore = code.match(/\Woutput\W*?\+=\W*?runtime\.suppressValue\(\(.*\W*?\?\W*?.*?:.*\),\W*?env\.opts\.autoescape/g) || [];
+        // 进行逐一处理
+        const ternaryAfter = ternaryBefore.map(str => {
+            return str.replace(/([\?:])runtime\.contextOrFrameLookup\((.+?),(.*?),\W*?"(.+?)"\)/g, '$1runtime.escapeSQL.call(this, "$4", runtime.contextOrFrameLookup($2, $3, "$4"))')
+                .replace(/env.opts.autoescape$/g, 'false');
+        });
+        // 统一替换
+        for (let i = 0; i < ternaryBefore.length; i++) {
+            code = code.replace(ternaryBefore[i], ternaryAfter[i]);
+        }
+        return code;
+    }
+    /**
+     * 对象的属性，如 `user.id` 防注入转义
+     *
+     * eg:
+     *   output += runtime.suppressValue(runtime.memberLookup(\
+     *     (runtime.contextOrFrameLookup(context, frame, "user")),"id"), env.opts.autoescape);
+     *
+     * 转换为
+     *
+     *   output += runtime.escapeSQL.call(this, "<...>", runtime.memberLookup(...), env.opts.autoescape);
+     *
+     * 由于 escapeSQL 中是根据 key 与预定义 block 匹配决定是否转义，而 memberLookup 的状态下总的 key 肯定不会匹配，
+     * 所以找一个绝对不会匹配的 "<...>" 传入。事实上它可以是任意一个不会被匹配的字符串，比如说 ">_<" 等。
+     *
+     * @param {String} code 转换前的代码
+     * @return {String} 转换后的代码
+     */
+    static convertNestedObjectCode(code) {
+        return code.replace(/\Woutput\W*?\+=\W*?runtime\.suppressValue\(runtime\.memberLookup\((.+?)\), env\.opts\.autoescape\)/g, '\noutput += runtime.escapeSQL.call(this, "<...>", runtime.memberLookup($1), env.opts.autoescape)');
+    }
+    /**
+     * For 中的 `t_xxx` 要被转义：
+     *
+     * eg:
+     *   frame.set("...", t_...);
+     *   ...
+     *   output += runtime.suppressValue(t_.., env.opts.autoscape);
+     *
+     * 转换为
+     *
+     *   output += runtime.escapeSQL.call(this, "for.t_...", t_..., env.opts.autoescape);
+     *
+     * 由于 escapeSQL 中是根据 key 与预定义 block 匹配决定是否转义，而 memberLookup 的状态下总的 key 肯定不会匹配，
+     * 所以找一个绝对不会匹配的 "for.t_..." 传入。事实上它可以是任意一个不会被匹配的字符串，比如说 ">_<" 等。
+     *
+     * @param {String} code 转换前的代码
+     * @return {String} 转换后的代码
+     */
+    static convertValueInsideFor(code) {
+        return code.replace(/\Woutput\W*?\+=\W*?runtime\.suppressValue\((t_\d+), env\.opts\.autoescape\)/g, '\noutput += runtime.escapeSQL.call(this, "for.$1", $1, env.opts.autoescape)');
+    }
+}
+exports.NunjucksConverter = NunjucksConverter;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiTnVuanVja3NDb252ZXJ0ZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvTnVuanVja3NDb252ZXJ0ZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsTUFBYSxpQkFBaUI7SUFDNUI7Ozs7Ozs7Ozs7Ozs7T0FhRztJQUNILE1BQU0sQ0FBQyx5QkFBeUIsQ0FBQyxJQUFZO1FBQzNDLE9BQU8sSUFBSSxDQUFDLE9BQU8sQ0FDakIsc0dBQXNHLEVBQ3RHLDJGQUEyRixDQUFDLENBQUM7SUFDakcsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7OztPQWlCRztJQUNILE1BQU0sQ0FBQyxrQkFBa0IsQ0FBQyxJQUFZO1FBQ3BDLHNEQUFzRDtRQUN0RCxNQUFNLGFBQWEsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUM5Qiw4RkFBOEYsQ0FBQyxJQUFJLEVBQUUsQ0FBQztRQUV4RyxTQUFTO1FBQ1QsTUFBTSxZQUFZLEdBQUcsYUFBYSxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsRUFBRTtZQUMzQyxPQUFPLEdBQUcsQ0FBQyxPQUFPLENBQ2hCLGtFQUFrRSxFQUNsRSxrRkFBa0YsQ0FDbkY7aUJBQ0UsT0FBTyxDQUNOLHVCQUF1QixFQUN2QixPQUFPLENBQ1IsQ0FBQztRQUNOLENBQUMsQ0FBQyxDQUFDO1FBRUgsT0FBTztRQUNQLEtBQUssSUFBSSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsR0FBRyxhQUFhLENBQUMsTUFBTSxFQUFFLENBQUMsRUFBRSxFQUFFLENBQUM7WUFDOUMsSUFBSSxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsYUFBYSxDQUFDLENBQUMsQ0FBQyxFQUFFLFlBQVksQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQ3pELENBQUM7UUFFRCxPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7OztPQWdCRztJQUNILE1BQU0sQ0FBQyx1QkFBdUIsQ0FBQyxJQUFZO1FBQ3pDLE9BQU8sSUFBSSxDQUFDLE9BQU8sQ0FDakIscUdBQXFHLEVBQ3JHLGtHQUFrRyxDQUFDLENBQUM7SUFDeEcsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7OztPQWlCRztJQUNILE1BQU0sQ0FBQyxxQkFBcUIsQ0FBQyxJQUFZO1FBQ3ZDLE9BQU8sSUFBSSxDQUFDLE9BQU8sQ0FDakIsOEVBQThFLEVBQzlFLDZFQUE2RSxDQUFDLENBQUM7SUFDbkYsQ0FBQztDQUVGO0FBL0dELDhDQStHQyJ9

package/dist/src/NunjucksUtil.d.ts

@@ -0,0 +1,5 @@
+import nunjucks from 'nunjucks';
+export declare class NunjucksUtils {
+    static createEnv(modelName: string): nunjucks.Environment;
+    static compile(modelName: string, sqlName: string, sql: string): nunjucks.Template;
+}

package/dist/src/NunjucksUtil.js

@@ -0,0 +1,104 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NunjucksUtils = void 0;
+const nunjucks_1 = __importStar(require("nunjucks"));
+const sqlstring_1 = __importDefault(require("sqlstring"));
+const NunjucksConverter_1 = require("./NunjucksConverter");
+const SqlUtil_1 = require("./SqlUtil");
+const compiler = nunjucks_1.default.compiler;
+const envs = {};
+const ROOT_RENDER_FUNC = Symbol('rootRenderFunc');
+const RUNTIME = Object.assign({}, nunjucks_1.default.runtime, {
+    escapeSQL: function escapeSQL(key, value) {
+        // 如果是预定义 block 则不转义
+        if (this.env.globals[key])
+            return value;
+        return sqlstring_1.default.escape(value, true, this.env.timezone);
+    },
+});
+function _replaceCodeWithSQLFeature(source) {
+    const funcs = [
+        'convertNormalVariableCode', // 普通变量
+        'convertTernaryCode', // 三目运算
+        'convertNestedObjectCode', // 对象中的变量，如 `user.id`
+        'convertValueInsideFor', // for 中的值需要转义
+    ];
+    return funcs.reduce((source, func) => NunjucksConverter_1.NunjucksConverter[func](source), source);
+}
+/**
+ * compile the string into function
+ * @see https://github.com/mozilla/nunjucks/blob/2fd547f/src/environment.js#L571-L592
+ */
+function _compile() {
+    let source = compiler.compile(this.tmplStr, this.env.asyncFilters, this.env.extensionsList, this.path, this.env.opts);
+    /**
+     * 将一些 Nunjucks 的 HTML 转义的代码转换成 SQL 防注入的代码
+     */
+    source = _replaceCodeWithSQLFeature(source);
+    // eslint-disable-next-line
+    const props = (new Function(source))();
+    this.blocks = this._getBlocks(props);
+    this[ROOT_RENDER_FUNC] = props.root;
+    this.rootRenderFunc = function (env, context, frame, _runtime, cb) {
+        /**
+         * 1. 将 runtime 遗弃，用新的
+         * 2. 移除 SQL 语句中多余空白符
+         */
+        return this[ROOT_RENDER_FUNC](env, context, frame, RUNTIME, function (err, ret) {
+            // istanbul ignore if
+            if (err)
+                return cb(err, ret);
+            return cb(err, SqlUtil_1.SqlUtil.minify(ret || ''));
+        });
+    };
+    this.compiled = true;
+}
+class NunjucksUtils {
+    static createEnv(modelName) {
+        if (envs[modelName])
+            return envs[modelName];
+        const env = envs[modelName] = nunjucks_1.default.configure({
+            autoescape: false,
+        });
+        return env;
+    }
+    static compile(modelName, sqlName, sql) {
+        // istanbul ignore if
+        if (!envs[modelName]) {
+            throw new Error(`you should create an Environment for ${modelName} first.`);
+        }
+        const template = new nunjucks_1.Template(sql, envs[modelName], `egg-dal:MySQL:${modelName}:${sqlName}`, false);
+        // 做一些 hack，使得支持 MySQL 的一些 Escape
+        template._compile = _compile;
+        template.compile();
+        return template;
+    }
+}
+exports.NunjucksUtils = NunjucksUtils;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiTnVuanVja3NVdGlsLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL051bmp1Y2tzVXRpbC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLHFEQUFnRTtBQUNoRSwwREFBa0M7QUFDbEMsMkRBQXdEO0FBQ3hELHVDQUFvQztBQUVwQyxNQUFNLFFBQVEsR0FBSSxrQkFBZ0IsQ0FBQyxRQUFRLENBQUM7QUFDNUMsTUFBTSxJQUFJLEdBQWdDLEVBQUUsQ0FBQztBQUU3QyxNQUFNLGdCQUFnQixHQUFHLE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO0FBQ2xELE1BQU0sT0FBTyxHQUFHLE1BQU0sQ0FBQyxNQUFNLENBQUMsRUFBRSxFQUFFLGtCQUFRLENBQUMsT0FBTyxFQUFFO0lBQ2xELFNBQVMsRUFBRSxTQUFTLFNBQVMsQ0FBWSxHQUFHLEVBQUUsS0FBSztRQUNqRCxvQkFBb0I7UUFDcEIsSUFBSSxJQUFJLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUM7WUFBRSxPQUFPLEtBQUssQ0FBQztRQUN4QyxPQUFPLG1CQUFTLENBQUMsTUFBTSxDQUFDLEtBQUssRUFBRSxJQUFJLEVBQUUsSUFBSSxDQUFDLEdBQUcsQ0FBQyxRQUFRLENBQUMsQ0FBQztJQUMxRCxDQUFDO0NBQ0YsQ0FBQyxDQUFDO0FBRUgsU0FBUywwQkFBMEIsQ0FBQyxNQUFNO0lBQ3hDLE1BQU0sS0FBSyxHQUFHO1FBQ1osMkJBQTJCLEVBQUUsT0FBTztRQUNwQyxvQkFBb0IsRUFBRSxPQUFPO1FBQzdCLHlCQUF5QixFQUFFLHFCQUFxQjtRQUNoRCx1QkFBdUIsRUFBRSxjQUFjO0tBQ3hDLENBQUM7SUFFRixPQUFPLEtBQUssQ0FBQyxNQUFNLENBQUMsQ0FBQyxNQUFNLEVBQUUsSUFBSSxFQUFFLEVBQUUsQ0FBQyxxQ0FBaUIsQ0FBQyxJQUFJLENBQUMsQ0FBQyxNQUFNLENBQUMsRUFBRSxNQUFNLENBQUMsQ0FBQztBQUNqRixDQUFDO0FBRUQ7OztHQUdHO0FBQ0gsU0FBUyxRQUFRO0lBQ2YsSUFBSSxNQUFNLEdBQUcsUUFBUSxDQUFDLE9BQU8sQ0FDM0IsSUFBSSxDQUFDLE9BQU8sRUFDWixJQUFJLENBQUMsR0FBRyxDQUFDLFlBQVksRUFDckIsSUFBSSxDQUFDLEdBQUcsQ0FBQyxjQUFjLEVBQ3ZCLElBQUksQ0FBQyxJQUFJLEVBQ1QsSUFBSSxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUVqQjs7T0FFRztJQUNILE1BQU0sR0FBRywwQkFBMEIsQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUU1QywyQkFBMkI7SUFDM0IsTUFBTSxLQUFLLEdBQUcsQ0FBQyxJQUFJLFFBQVEsQ0FBQyxNQUFNLENBQUMsQ0FBQyxFQUFFLENBQUM7SUFFdkMsSUFBSSxDQUFDLE1BQU0sR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLEtBQUssQ0FBQyxDQUFDO0lBQ3JDLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxHQUFHLEtBQUssQ0FBQyxJQUFJLENBQUM7SUFDcEMsSUFBSSxDQUFDLGNBQWMsR0FBRyxVQUFTLEdBQUcsRUFBRSxPQUFPLEVBQUUsS0FBSyxFQUFFLFFBQVEsRUFBRSxFQUFFO1FBQzlEOzs7V0FHRztRQUNILE9BQU8sSUFBSSxDQUFDLGdCQUFnQixDQUFDLENBQUMsR0FBRyxFQUFFLE9BQU8sRUFBRSxLQUFLLEVBQUUsT0FBTyxFQUFFLFVBQVMsR0FBRyxFQUFFLEdBQUc7WUFDM0UscUJBQXFCO1lBQ3JCLElBQUksR0FBRztnQkFBRSxPQUFPLEVBQUUsQ0FBQyxHQUFHLEVBQUUsR0FBRyxDQUFDLENBQUM7WUFDN0IsT0FBTyxFQUFFLENBQUMsR0FBRyxFQUFFLGlCQUFPLENBQUMsTUFBTSxDQUFDLEdBQUcsSUFBSSxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBQzVDLENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQyxDQUFDO0lBQ0YsSUFBSSxDQUFDLFFBQVEsR0FBRyxJQUFJLENBQUM7QUFDdkIsQ0FBQztBQUVELE1BQWEsYUFBYTtJQUN4QixNQUFNLENBQUMsU0FBUyxDQUFDLFNBQWlCO1FBQ2hDLElBQUksSUFBSSxDQUFDLFNBQVMsQ0FBQztZQUFFLE9BQU8sSUFBSSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBRTVDLE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxTQUFTLENBQUMsR0FBRyxrQkFBUSxDQUFDLFNBQVMsQ0FBQztZQUMvQyxVQUFVLEVBQUUsS0FBSztTQUNsQixDQUFDLENBQUM7UUFFSCxPQUFPLEdBQUcsQ0FBQztJQUNiLENBQUM7SUFFRCxNQUFNLENBQUMsT0FBTyxDQUFDLFNBQWlCLEVBQUUsT0FBZSxFQUFFLEdBQVc7UUFDNUQscUJBQXFCO1FBQ3JCLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQztZQUNyQixNQUFNLElBQUksS0FBSyxDQUFDLHdDQUF3QyxTQUFTLFNBQVMsQ0FBQyxDQUFDO1FBQzlFLENBQUM7UUFFRCxNQUFNLFFBQVEsR0FBRyxJQUFJLG1CQUFRLENBQUMsR0FBRyxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsRUFBRSxpQkFBaUIsU0FBUyxJQUFJLE9BQU8sRUFBRSxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBRXBHLGlDQUFpQztRQUNoQyxRQUFnQixDQUFDLFFBQVEsR0FBRyxRQUFRLENBQUM7UUFDckMsUUFBZ0IsQ0FBQyxPQUFPLEVBQUUsQ0FBQztRQUU1QixPQUFPLFFBQVEsQ0FBQztJQUNsQixDQUFDO0NBQ0Y7QUF6QkQsc0NBeUJDIn0=

package/dist/src/SqlGenerator.d.ts

@@ -0,0 +1,9 @@
+import { TableModel } from '@eggjs/dal-decorator';
+export declare class SqlGenerator {
+    private formatComment;
+    private generateColumn;
+    private generateColumnType;
+    private generateIndex;
+    private generateTableOptions;
+    generate(tableModel: TableModel): string;
+}