@f2a/network 0.1.2

package/dist/utils/middleware.d.ts

@@ -0,0 +1,85 @@
+/**
+ * F2A 中间件系统
+ * 支持消息拦截、过滤和转换
+ */
+import { F2AMessage, AgentInfo } from '../types/index.js';
+import { Logger } from './logger.js';
+export interface MiddlewareContext {
+    /** 消息 */
+    message: F2AMessage;
+    /** 发送方 Peer ID */
+    peerId: string;
+    /** 发送方 Agent 信息 */
+    agentInfo?: AgentInfo;
+    /** 中间件元数据 */
+    metadata: Map<string, unknown>;
+}
+export type MiddlewareResult = {
+    action: 'continue';
+    context: MiddlewareContext;
+} | {
+    action: 'drop';
+    reason: string;
+} | {
+    action: 'modify';
+    context: MiddlewareContext;
+};
+export interface Middleware {
+    /** 中间件名称 */
+    name: string;
+    /** 执行优先级（数字越小优先级越高） */
+    priority?: number;
+    /**
+     * 中间件类型
+     * - 'essential': 核心中间件，异常时中断链
+     * - 'optional': 可选中间件，异常时继续处理
+     */
+    type?: 'essential' | 'optional';
+    /** 处理函数 */
+    process(context: MiddlewareContext): Promise<MiddlewareResult> | MiddlewareResult;
+}
+/**
+ * 中间件管理器
+ */
+export declare class MiddlewareManager {
+    private middlewares;
+    private logger;
+    constructor();
+    /**
+     * 注册中间件
+     */
+    use(middleware: Middleware): void;
+    /**
+     * 移除中间件
+     */
+    remove(name: string): boolean;
+    /**
+     * 执行中间件链
+     */
+    execute(context: MiddlewareContext): Promise<MiddlewareResult>;
+    /**
+     * 获取已注册的中间件列表
+     */
+    list(): string[];
+    /**
+     * 清空所有中间件
+     */
+    clear(): void;
+}
+/**
+ * 消息大小限制中间件
+ */
+export declare function createMessageSizeLimitMiddleware(maxSize: number): Middleware;
+/**
+ * 消息类型过滤中间件
+ */
+export declare function createMessageTypeFilterMiddleware(allowedTypes: string[]): Middleware;
+/**
+ * 消息日志中间件
+ */
+export declare function createMessageLoggingMiddleware(logger?: Logger): Middleware;
+/**
+ * 消息转换中间件示例
+ */
+export declare function createMessageTransformMiddleware(transform: (msg: F2AMessage) => F2AMessage): Middleware;
+//# sourceMappingURL=middleware.d.ts.map

package/dist/utils/middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/utils/middleware.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC1D,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAErC,MAAM,WAAW,iBAAiB;IAChC,SAAS;IACT,OAAO,EAAE,UAAU,CAAC;IACpB,kBAAkB;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,mBAAmB;IACnB,SAAS,CAAC,EAAE,SAAS,CAAC;IACtB,aAAa;IACb,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAChC;AAED,MAAM,MAAM,gBAAgB,GACxB;IAAE,MAAM,EAAE,UAAU,CAAC;IAAC,OAAO,EAAE,iBAAiB,CAAA;CAAE,GAClD;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,GAClC;IAAE,MAAM,EAAE,QAAQ,CAAC;IAAC,OAAO,EAAE,iBAAiB,CAAA;CAAE,CAAC;AAErD,MAAM,WAAW,UAAU;IACzB,YAAY;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,uBAAuB;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;;;OAIG;IACH,IAAI,CAAC,EAAE,WAAW,GAAG,UAAU,CAAC;IAChC,WAAW;IACX,OAAO,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,gBAAgB,CAAC,GAAG,gBAAgB,CAAC;CACnF;AAED;;GAEG;AACH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,WAAW,CAAoB;IACvC,OAAO,CAAC,MAAM,CAAS;;IAMvB;;OAEG;IACH,GAAG,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IAOjC;;OAEG;IACH,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAU7B;;OAEG;IACG,OAAO,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAkDpE;;OAEG;IACH,IAAI,IAAI,MAAM,EAAE;IAIhB;;OAEG;IACH,KAAK,IAAI,IAAI;CAId;AAMD;;GAEG;AACH,wBAAgB,gCAAgC,CAAC,OAAO,EAAE,MAAM,GAAG,UAAU,CAe5E;AAED;;GAEG;AACH,wBAAgB,iCAAiC,CAC/C,YAAY,EAAE,MAAM,EAAE,GACrB,UAAU,CAcZ;AAED;;GAEG;AACH,wBAAgB,8BAA8B,CAC5C,MAAM,CAAC,EAAE,MAAM,GACd,UAAU,CAcZ;AAED;;GAEG;AACH,wBAAgB,gCAAgC,CAC9C,SAAS,EAAE,CAAC,GAAG,EAAE,UAAU,KAAK,UAAU,GACzC,UAAU,CAeZ"}

package/dist/utils/middleware.js

@@ -0,0 +1,173 @@
+/**
+ * F2A 中间件系统
+ * 支持消息拦截、过滤和转换
+ */
+import { Logger } from './logger.js';
+/**
+ * 中间件管理器
+ */
+export class MiddlewareManager {
+    middlewares = [];
+    logger;
+    constructor() {
+        this.logger = new Logger({ component: 'MiddlewareManager' });
+    }
+    /**
+     * 注册中间件
+     */
+    use(middleware) {
+        this.middlewares.push(middleware);
+        // 按优先级排序
+        this.middlewares.sort((a, b) => (a.priority || 0) - (b.priority || 0));
+        this.logger.info('Registered middleware', { name: middleware.name });
+    }
+    /**
+     * 移除中间件
+     */
+    remove(name) {
+        const index = this.middlewares.findIndex(m => m.name === name);
+        if (index !== -1) {
+            this.middlewares.splice(index, 1);
+            this.logger.info('Removed middleware', { name });
+            return true;
+        }
+        return false;
+    }
+    /**
+     * 执行中间件链
+     */
+    async execute(context) {
+        let currentContext = context;
+        for (const middleware of this.middlewares) {
+            try {
+                const result = await middleware.process(currentContext);
+                if (result.action === 'drop') {
+                    this.logger.info('Message dropped by middleware', {
+                        middleware: middleware.name,
+                        reason: result.reason
+                    });
+                    return result;
+                }
+                if (result.action === 'modify') {
+                    currentContext = result.context;
+                }
+            }
+            catch (error) {
+                this.logger.error('Middleware error', {
+                    middleware: middleware.name,
+                    error,
+                    type: middleware.type || 'optional'
+                });
+                // 根据中间件类型决定是否中断链
+                // essential: 核心中间件，异常时中断链，返回 drop
+                // optional: 可选中间件，异常时继续处理（原有行为）
+                const middlewareType = middleware.type || 'optional';
+                if (middlewareType === 'essential') {
+                    this.logger.warn('Essential middleware failed, aborting chain', {
+                        middleware: middleware.name
+                    });
+                    return {
+                        action: 'drop',
+                        reason: `Essential middleware ${middleware.name} failed: ${error instanceof Error ? error.message : String(error)}`
+                    };
+                }
+                // optional 中间件出错时继续处理，不阻塞消息
+                this.logger.info('Optional middleware failed, continuing chain', {
+                    middleware: middleware.name
+                });
+            }
+        }
+        return { action: 'continue', context: currentContext };
+    }
+    /**
+     * 获取已注册的中间件列表
+     */
+    list() {
+        return this.middlewares.map(m => m.name);
+    }
+    /**
+     * 清空所有中间件
+     */
+    clear() {
+        this.middlewares = [];
+        this.logger.info('Cleared all middlewares');
+    }
+}
+// ============================================================================
+// 内置中间件
+// ============================================================================
+/**
+ * 消息大小限制中间件
+ */
+export function createMessageSizeLimitMiddleware(maxSize) {
+    return {
+        name: 'MessageSizeLimit',
+        priority: 100, // 高优先级，尽早检查
+        process(context) {
+            const messageSize = JSON.stringify(context.message).length;
+            if (messageSize > maxSize) {
+                return {
+                    action: 'drop',
+                    reason: `Message size ${messageSize} exceeds limit ${maxSize}`
+                };
+            }
+            return { action: 'continue', context };
+        }
+    };
+}
+/**
+ * 消息类型过滤中间件
+ */
+export function createMessageTypeFilterMiddleware(allowedTypes) {
+    return {
+        name: 'MessageTypeFilter',
+        priority: 90,
+        process(context) {
+            if (!allowedTypes.includes(context.message.type)) {
+                return {
+                    action: 'drop',
+                    reason: `Message type ${context.message.type} not allowed`
+                };
+            }
+            return { action: 'continue', context };
+        }
+    };
+}
+/**
+ * 消息日志中间件
+ */
+export function createMessageLoggingMiddleware(logger) {
+    const log = logger || new Logger({ component: 'MessageLogger' });
+    return {
+        name: 'MessageLogger',
+        priority: 50, // 中等优先级
+        process(context) {
+            log.debug('Processing message', {
+                type: context.message.type,
+                from: context.peerId.slice(0, 16),
+                id: context.message.id
+            });
+            return { action: 'continue', context };
+        }
+    };
+}
+/**
+ * 消息转换中间件示例
+ */
+export function createMessageTransformMiddleware(transform) {
+    return {
+        name: 'MessageTransform',
+        priority: 10, // 低优先级，最后执行
+        process(context) {
+            const transformedMessage = transform(context.message);
+            return {
+                action: 'modify',
+                context: {
+                    ...context,
+                    message: transformedMessage
+                }
+            };
+        }
+    };
+}
+//# sourceMappingURL=middleware.js.map

package/dist/utils/middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../src/utils/middleware.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAiCrC;;GAEG;AACH,MAAM,OAAO,iBAAiB;IACpB,WAAW,GAAiB,EAAE,CAAC;IAC/B,MAAM,CAAS;IAEvB;QACE,IAAI,CAAC,MAAM,GAAG,IAAI,MAAM,CAAC,EAAE,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED;;OAEG;IACH,GAAG,CAAC,UAAsB;QACxB,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAClC,SAAS;QACT,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC;QACvE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,uBAAuB,EAAE,EAAE,IAAI,EAAE,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC;IACvE,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,IAAY;QACjB,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;QAC/D,IAAI,KAAK,KAAK,CAAC,CAAC,EAAE,CAAC;YACjB,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAClC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,oBAAoB,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;YACjD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CAAC,OAA0B;QACtC,IAAI,cAAc,GAAG,OAAO,CAAC;QAE7B,KAAK,MAAM,UAAU,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YAC1C,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;gBAExD,IAAI,MAAM,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;oBAC7B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,+BAA+B,EAAE;wBAChD,UAAU,EAAE,UAAU,CAAC,IAAI;wBAC3B,MAAM,EAAE,MAAM,CAAC,MAAM;qBACtB,CAAC,CAAC;oBACH,OAAO,MAAM,CAAC;gBAChB,CAAC;gBAED,IAAI,MAAM,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;oBAC/B,cAAc,GAAG,MAAM,CAAC,OAAO,CAAC;gBAClC,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,EAAE;oBACpC,UAAU,EAAE,UAAU,CAAC,IAAI;oBAC3B,KAAK;oBACL,IAAI,EAAE,UAAU,CAAC,IAAI,IAAI,UAAU;iBACpC,CAAC,CAAC;gBAEH,iBAAiB;gBACjB,kCAAkC;gBAClC,gCAAgC;gBAChC,MAAM,cAAc,GAAG,UAAU,CAAC,IAAI,IAAI,UAAU,CAAC;gBAErD,IAAI,cAAc,KAAK,WAAW,EAAE,CAAC;oBACnC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,6CAA6C,EAAE;wBAC9D,UAAU,EAAE,UAAU,CAAC,IAAI;qBAC5B,CAAC,CAAC;oBACH,OAAO;wBACL,MAAM,EAAE,MAAM;wBACd,MAAM,EAAE,wBAAwB,UAAU,CAAC,IAAI,YAAY,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE;qBACpH,CAAC;gBACJ,CAAC;gBAED,4BAA4B;gBAC5B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,8CAA8C,EAAE;oBAC/D,UAAU,EAAE,UAAU,CAAC,IAAI;iBAC5B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC;IACzD,CAAC;IAED;;OAEG;IACH,IAAI;QACF,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAC3C,CAAC;IAED;;OAEG;IACH,KAAK;QACH,IAAI,CAAC,WAAW,GAAG,EAAE,CAAC;QACtB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;IAC9C,CAAC;CACF;AAED,+EAA+E;AAC/E,QAAQ;AACR,+EAA+E;AAE/E;;GAEG;AACH,MAAM,UAAU,gCAAgC,CAAC,OAAe;IAC9D,OAAO;QACL,IAAI,EAAE,kBAAkB;QACxB,QAAQ,EAAE,GAAG,EAAE,YAAY;QAC3B,OAAO,CAAC,OAA0B;YAChC,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;YAC3D,IAAI,WAAW,GAAG,OAAO,EAAE,CAAC;gBAC1B,OAAO;oBACL,MAAM,EAAE,MAAM;oBACd,MAAM,EAAE,gBAAgB,WAAW,kBAAkB,OAAO,EAAE;iBAC/D,CAAC;YACJ,CAAC;YACD,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC;QACzC,CAAC;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iCAAiC,CAC/C,YAAsB;IAEtB,OAAO;QACL,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE,EAAE;QACZ,OAAO,CAAC,OAA0B;YAChC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjD,OAAO;oBACL,MAAM,EAAE,MAAM;oBACd,MAAM,EAAE,gBAAgB,OAAO,CAAC,OAAO,CAAC,IAAI,cAAc;iBAC3D,CAAC;YACJ,CAAC;YACD,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC;QACzC,CAAC;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,8BAA8B,CAC5C,MAAe;IAEf,MAAM,GAAG,GAAG,MAAM,IAAI,IAAI,MAAM,CAAC,EAAE,SAAS,EAAE,eAAe,EAAE,CAAC,CAAC;IACjE,OAAO;QACL,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,EAAE,EAAE,QAAQ;QACtB,OAAO,CAAC,OAA0B;YAChC,GAAG,CAAC,KAAK,CAAC,oBAAoB,EAAE;gBAC9B,IAAI,EAAE,OAAO,CAAC,OAAO,CAAC,IAAI;gBAC1B,IAAI,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;gBACjC,EAAE,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE;aACvB,CAAC,CAAC;YACH,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC;QACzC,CAAC;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gCAAgC,CAC9C,SAA0C;IAE1C,OAAO;QACL,IAAI,EAAE,kBAAkB;QACxB,QAAQ,EAAE,EAAE,EAAE,YAAY;QAC1B,OAAO,CAAC,OAA0B;YAChC,MAAM,kBAAkB,GAAG,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YACtD,OAAO;gBACL,MAAM,EAAE,QAAQ;gBAChB,OAAO,EAAE;oBACP,GAAG,OAAO;oBACV,OAAO,EAAE,kBAAkB;iBAC5B;aACF,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/utils/rate-limiter.d.ts

@@ -0,0 +1,71 @@
+/**
+ * 速率限制中间件
+ * 基于 Token Bucket 算法实现，支持突发流量
+ */
+export interface RateLimitConfig {
+    /** 最大请求数 */
+    maxRequests: number;
+    /** 时间窗口（毫秒） */
+    windowMs: number;
+    /** 是否跳过成功请求 */
+    skipSuccessfulRequests?: boolean;
+    /** 突发容量倍数（默认 1.5，允许短暂的请求爆发） */
+    burstMultiplier?: number;
+}
+export interface RateLimitEntry {
+    tokens: number;
+    lastRefill: number;
+}
+/**
+ * 速率限制器
+ * 实现 Disposable 接口，确保资源正确释放
+ */
+export declare class RateLimiter implements Disposable {
+    private config;
+    private burstCapacity;
+    private store;
+    private logger;
+    private cleanupTimer?;
+    private disposed;
+    constructor(config: RateLimitConfig);
+    /**
+     * 实现 Disposable 接口
+     * 确保资源被正确释放
+     */
+    [Symbol.dispose](): void;
+    /**
+     * 检查是否已释放
+     */
+    isDisposed(): boolean;
+    /**
+     * 停止速率限制器，清理资源
+     * 幂等操作，可多次调用
+     */
+    stop(): void;
+    /**
+     * 检查是否允许请求
+     * @param key 标识符（如 IP 地址、Peer ID）
+     * @returns 是否允许请求
+     */
+    allowRequest(key: string): boolean;
+    /**
+     * 获取剩余令牌数
+     */
+    getRemainingTokens(key: string): number;
+    /**
+     * 重置限制
+     */
+    reset(key?: string): void;
+    /**
+     * 清理过期的条目
+     */
+    cleanup(): void;
+}
+/**
+ * 创建速率限制中间件（用于 HTTP 服务器）
+ */
+export declare function createRateLimitMiddleware(config: RateLimitConfig): {
+    (req: any, res: any, next: () => void): void;
+    stop(): void;
+};
+//# sourceMappingURL=rate-limiter.d.ts.map

package/dist/utils/rate-limiter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rate-limiter.d.ts","sourceRoot":"","sources":["../../src/utils/rate-limiter.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,MAAM,WAAW,eAAe;IAC9B,YAAY;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe;IACf,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC,+BAA+B;IAC/B,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;;GAGG;AACH,qBAAa,WAAY,YAAW,UAAU;IAC5C,OAAO,CAAC,MAAM,CAA4B;IAC1C,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,KAAK,CAA0C;IACvD,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,YAAY,CAAC,CAAiB;IACtC,OAAO,CAAC,QAAQ,CAAkB;gBAEtB,MAAM,EAAE,eAAe;IAkBnC;;;OAGG;IACH,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,IAAI;IAIxB;;OAEG;IACH,UAAU,IAAI,OAAO;IAIrB;;;OAGG;IACH,IAAI,IAAI,IAAI;IAeZ;;;;OAIG;IACH,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IA4ClC;;OAEG;IACH,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM;IAavC;;OAEG;IACH,KAAK,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,IAAI;IAQzB;;OAEG;IACH,OAAO,IAAI,IAAI;CAUhB;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,eAAe;UAGtC,GAAG,OAAO,GAAG,QAAQ,MAAM,IAAI;;EAsBzD"}

package/dist/utils/rate-limiter.js

@@ -0,0 +1,160 @@
+/**
+ * 速率限制中间件
+ * 基于 Token Bucket 算法实现，支持突发流量
+ */
+import { Logger } from './logger.js';
+/**
+ * 速率限制器
+ * 实现 Disposable 接口，确保资源正确释放
+ */
+export class RateLimiter {
+    config;
+    burstCapacity;
+    store = new Map();
+    logger;
+    cleanupTimer;
+    disposed = false;
+    constructor(config) {
+        this.config = {
+            skipSuccessfulRequests: false,
+            burstMultiplier: 1.5,
+            ...config
+        };
+        // 计算突发容量
+        this.burstCapacity = Math.floor(this.config.maxRequests * this.config.burstMultiplier);
+        this.logger = new Logger({ component: 'RateLimiter' });
+        // 自动启动清理定时器
+        this.cleanupTimer = setInterval(() => this.cleanup(), config.windowMs);
+        // 注册析构回调，确保即使 stop() 未调用也能清理资源
+        if (typeof Symbol.dispose !== 'undefined') {
+            // 支持 using 语法的自动清理
+        }
+    }
+    /**
+     * 实现 Disposable 接口
+     * 确保资源被正确释放
+     */
+    [Symbol.dispose]() {
+        this.stop();
+    }
+    /**
+     * 检查是否已释放
+     */
+    isDisposed() {
+        return this.disposed;
+    }
+    /**
+     * 停止速率限制器，清理资源
+     * 幂等操作，可多次调用
+     */
+    stop() {
+        if (this.disposed) {
+            return; // 幂等：已释放则跳过
+        }
+        this.disposed = true;
+        if (this.cleanupTimer) {
+            clearInterval(this.cleanupTimer);
+            this.cleanupTimer = undefined;
+        }
+        this.store.clear();
+        this.logger.info('Rate limiter stopped');
+    }
+    /**
+     * 检查是否允许请求
+     * @param key 标识符（如 IP 地址、Peer ID）
+     * @returns 是否允许请求
+     */
+    allowRequest(key) {
+        const now = Date.now();
+        const entry = this.store.get(key);
+        if (!entry) {
+            // 首次请求，初始化令牌桶
+            // 初始令牌数为 maxRequests - 1（本次请求消耗 1 个）
+            this.store.set(key, {
+                tokens: this.config.maxRequests - 1,
+                lastRefill: now
+            });
+            return true;
+        }
+        // 计算需要补充的令牌数
+        const timePassed = now - entry.lastRefill;
+        const tokensToAdd = Math.floor((timePassed / this.config.windowMs) * this.config.maxRequests);
+        if (tokensToAdd > 0) {
+            // 令牌补充后不能超过突发容量
+            entry.tokens = Math.min(this.burstCapacity, entry.tokens + tokensToAdd);
+            entry.lastRefill = now;
+        }
+        // 检查是否有可用令牌
+        if (entry.tokens > 0) {
+            entry.tokens--;
+            return true;
+        }
+        this.logger.warn('Rate limit exceeded', {
+            key,
+            remaining: entry.tokens,
+            maxRequests: this.config.maxRequests,
+            burstCapacity: this.burstCapacity
+        });
+        return false;
+    }
+    /**
+     * 获取剩余令牌数
+     */
+    getRemainingTokens(key) {
+        const entry = this.store.get(key);
+        if (!entry)
+            return this.config.maxRequests;
+        const now = Date.now();
+        const timePassed = now - entry.lastRefill;
+        const tokensToAdd = Math.floor((timePassed / this.config.windowMs) * this.config.maxRequests);
+        return Math.min(this.burstCapacity, entry.tokens + tokensToAdd);
+    }
+    /**
+     * 重置限制
+     */
+    reset(key) {
+        if (key) {
+            this.store.delete(key);
+        }
+        else {
+            this.store.clear();
+        }
+    }
+    /**
+     * 清理过期的条目
+     */
+    cleanup() {
+        const now = Date.now();
+        const maxAge = this.config.windowMs * 2;
+        for (const [key, entry] of this.store) {
+            if (now - entry.lastRefill > maxAge) {
+                this.store.delete(key);
+            }
+        }
+    }
+}
+/**
+ * 创建速率限制中间件（用于 HTTP 服务器）
+ */
+export function createRateLimitMiddleware(config) {
+    const limiter = new RateLimiter(config);
+    const middleware = (req, res, next) => {
+        const key = req.socket?.remoteAddress || 'unknown';
+        if (!limiter.allowRequest(key)) {
+            res.writeHead(429, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({
+                success: false,
+                error: 'Too many requests',
+                code: 'RATE_LIMIT_EXCEEDED'
+            }));
+            return;
+        }
+        next();
+    };
+    // 提供 stop 方法清理资源
+    middleware.stop = () => {
+        limiter.stop();
+    };
+    return middleware;
+}
+//# sourceMappingURL=rate-limiter.js.map

package/dist/utils/rate-limiter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rate-limiter.js","sourceRoot":"","sources":["../../src/utils/rate-limiter.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAkBrC;;;GAGG;AACH,MAAM,OAAO,WAAW;IACd,MAAM,CAA4B;IAClC,aAAa,CAAS;IACtB,KAAK,GAAgC,IAAI,GAAG,EAAE,CAAC;IAC/C,MAAM,CAAS;IACf,YAAY,CAAkB;IAC9B,QAAQ,GAAY,KAAK,CAAC;IAElC,YAAY,MAAuB;QACjC,IAAI,CAAC,MAAM,GAAG;YACZ,sBAAsB,EAAE,KAAK;YAC7B,eAAe,EAAE,GAAG;YACpB,GAAG,MAAM;SACV,CAAC;QACF,SAAS;QACT,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QACvF,IAAI,CAAC,MAAM,GAAG,IAAI,MAAM,CAAC,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC,CAAC;QACvD,YAAY;QACZ,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;QAEvE,+BAA+B;QAC/B,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,WAAW,EAAE,CAAC;YAC1C,mBAAmB;QACrB,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,CAAC,MAAM,CAAC,OAAO,CAAC;QACd,IAAI,CAAC,IAAI,EAAE,CAAC;IACd,CAAC;IAED;;OAEG;IACH,UAAU;QACR,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED;;;OAGG;IACH,IAAI;QACF,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,OAAO,CAAC,YAAY;QACtB,CAAC;QAED,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QAErB,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,aAAa,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACjC,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;QAChC,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACnB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IAC3C,CAAC;IAED;;;;OAIG;IACH,YAAY,CAAC,GAAW;QACtB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAElC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,cAAc;YACd,qCAAqC;YACrC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE;gBAClB,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,GAAG,CAAC;gBACnC,UAAU,EAAE,GAAG;aAChB,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;QAED,aAAa;QACb,MAAM,UAAU,GAAG,GAAG,GAAG,KAAK,CAAC,UAAU,CAAC;QAC1C,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAC5B,CAAC,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,CAC9D,CAAC;QAEF,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;YACpB,gBAAgB;YAChB,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,GAAG,CACrB,IAAI,CAAC,aAAa,EAClB,KAAK,CAAC,MAAM,GAAG,WAAW,CAC3B,CAAC;YACF,KAAK,CAAC,UAAU,GAAG,GAAG,CAAC;QACzB,CAAC;QAED,YAAY;QACZ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,KAAK,CAAC,MAAM,EAAE,CAAC;YACf,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,qBAAqB,EAAE;YACtC,GAAG;YACH,SAAS,EAAE,KAAK,CAAC,MAAM;YACvB,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW;YACpC,aAAa,EAAE,IAAI,CAAC,aAAa;SAClC,CAAC,CAAC;QACH,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,kBAAkB,CAAC,GAAW;QAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC;QAE3C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,UAAU,GAAG,GAAG,GAAG,KAAK,CAAC,UAAU,CAAC;QAC1C,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAC5B,CAAC,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,CAC9D,CAAC;QAEF,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,aAAa,EAAE,KAAK,CAAC,MAAM,GAAG,WAAW,CAAC,CAAC;IAClE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,GAAY;QAChB,IAAI,GAAG,EAAE,CAAC;YACR,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACrB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,OAAO;QACL,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,GAAG,CAAC,CAAC;QAExC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACtC,IAAI,GAAG,GAAG,KAAK,CAAC,UAAU,GAAG,MAAM,EAAE,CAAC;gBACpC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB,CAAC,MAAuB;IAC/D,MAAM,OAAO,GAAG,IAAI,WAAW,CAAC,MAAM,CAAC,CAAC;IAExC,MAAM,UAAU,GAAG,CAAC,GAAQ,EAAE,GAAQ,EAAE,IAAgB,EAAE,EAAE;QAC1D,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,EAAE,aAAa,IAAI,SAAS,CAAC;QAEnD,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;gBACrB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,mBAAmB;gBAC1B,IAAI,EAAE,qBAAqB;aAC5B,CAAC,CAAC,CAAC;YACJ,OAAO;QACT,CAAC;QAED,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;IAEF,iBAAiB;IACjB,UAAU,CAAC,IAAI,GAAG,GAAG,EAAE;QACrB,OAAO,CAAC,IAAI,EAAE,CAAC;IACjB,CAAC,CAAC;IAEF,OAAO,UAAU,CAAC;AACpB,CAAC"}

package/dist/utils/signature.d.ts

@@ -0,0 +1,57 @@
+/**
+ * 请求签名验证工具
+ * 使用 HMAC-SHA256 验证消息来源真实性
+ */
+export interface SignatureConfig {
+    /** 签名密钥 */
+    secretKey: string;
+    /** 时间戳容忍度（毫秒，默认 5 分钟） */
+    timestampTolerance?: number;
+}
+export interface SignedMessage {
+    /** 消息体 */
+    payload: string;
+    /** 时间戳 */
+    timestamp: number;
+    /** 签名 */
+    signature: string;
+    /** 随机 nonce */
+    nonce: string;
+}
+/**
+ * 请求签名验证器
+ */
+export declare class RequestSigner {
+    private secretKey;
+    private timestampTolerance;
+    private logger;
+    constructor(config: SignatureConfig);
+    /**
+     * 生成签名
+     * @param payload - 消息体（JSON 字符串）
+     * @returns 签名后的消息
+     */
+    sign(payload: string): SignedMessage;
+    /**
+     * 验证签名
+     * @param message - 签名后的消息
+     * @returns 验证结果
+     */
+    verify(message: SignedMessage): {
+        valid: boolean;
+        error?: string;
+    };
+    /**
+     * 生成 HMAC-SHA256 签名
+     */
+    private generateSignature;
+    /**
+     * 常量时间比较（防止时序攻击）
+     */
+    private constantTimeCompare;
+}
+/**
+ * 从环境变量加载签名密钥
+ */
+export declare function loadSignatureConfig(): SignatureConfig | null;
+//# sourceMappingURL=signature.d.ts.map

package/dist/utils/signature.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signature.d.ts","sourceRoot":"","sources":["../../src/utils/signature.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAKH,MAAM,WAAW,eAAe;IAC9B,WAAW;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,yBAAyB;IACzB,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED,MAAM,WAAW,aAAa;IAC5B,UAAU;IACV,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU;IACV,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS;IACT,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe;IACf,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,MAAM,CAAS;gBAEX,MAAM,EAAE,eAAe;IAMnC;;;;OAIG;IACH,IAAI,CAAC,OAAO,EAAE,MAAM,GAAG,aAAa;IAapC;;;;OAIG;IACH,MAAM,CAAC,OAAO,EAAE,aAAa,GAAG;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE;IA2BlE;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAKzB;;OAEG;IACH,OAAO,CAAC,mBAAmB;CAM5B;AAED;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,eAAe,GAAG,IAAI,CAuB5D"}

package/dist/utils/signature.js

@@ -0,0 +1,102 @@
+/**
+ * 请求签名验证工具
+ * 使用 HMAC-SHA256 验证消息来源真实性
+ */
+import { createHmac, randomBytes, timingSafeEqual } from 'crypto';
+import { Logger } from './logger.js';
+/**
+ * 请求签名验证器
+ */
+export class RequestSigner {
+    secretKey;
+    timestampTolerance;
+    logger;
+    constructor(config) {
+        this.secretKey = config.secretKey;
+        this.timestampTolerance = config.timestampTolerance || 5 * 60 * 1000; // 5 分钟
+        this.logger = new Logger({ component: 'RequestSigner' });
+    }
+    /**
+     * 生成签名
+     * @param payload - 消息体（JSON 字符串）
+     * @returns 签名后的消息
+     */
+    sign(payload) {
+        const timestamp = Date.now();
+        const nonce = randomBytes(16).toString('hex');
+        const signature = this.generateSignature(payload, timestamp, nonce);
+        return {
+            payload,
+            timestamp,
+            signature,
+            nonce
+        };
+    }
+    /**
+     * 验证签名
+     * @param message - 签名后的消息
+     * @returns 验证结果
+     */
+    verify(message) {
+        // 1. 检查时间戳
+        const now = Date.now();
+        const timeDiff = Math.abs(now - message.timestamp);
+        if (timeDiff > this.timestampTolerance) {
+            this.logger.warn('Signature timestamp expired', {
+                timestamp: message.timestamp,
+                diff: timeDiff
+            });
+            return { valid: false, error: 'Timestamp expired' };
+        }
+        // 2. 验证签名
+        const expectedSignature = this.generateSignature(message.payload, message.timestamp, message.nonce);
+        if (!this.constantTimeCompare(message.signature, expectedSignature)) {
+            this.logger.warn('Invalid signature');
+            return { valid: false, error: 'Invalid signature' };
+        }
+        return { valid: true };
+    }
+    /**
+     * 生成 HMAC-SHA256 签名
+     */
+    generateSignature(payload, timestamp, nonce) {
+        const data = `${payload}:${timestamp}:${nonce}`;
+        return createHmac('sha256', this.secretKey).update(data).digest('hex');
+    }
+    /**
+     * 常量时间比较（防止时序攻击）
+     */
+    constantTimeCompare(a, b) {
+        if (a.length !== b.length)
+            return false;
+        const bufA = Buffer.from(a);
+        const bufB = Buffer.from(b);
+        return timingSafeEqual(bufA, bufB);
+    }
+}
+/**
+ * 从环境变量加载签名密钥
+ */
+export function loadSignatureConfig() {
+    const secretKey = process.env.F2A_SIGNATURE_KEY;
+    if (!secretKey) {
+        // 生产环境强制警告，开发环境仅提示
+        const isProduction = process.env.NODE_ENV === 'production';
+        const logger = new Logger({ component: 'SignatureConfig' });
+        if (isProduction) {
+            logger.error('F2A_SIGNATURE_KEY is not set! Signature verification is DISABLED. This is a security risk in production.');
+        }
+        else {
+            logger.warn('F2A_SIGNATURE_KEY is not set. Signature verification is disabled. Set this environment variable for secure message verification.');
+        }
+        return null;
+    }
+    const tolerance = process.env.F2A_SIGNATURE_TOLERANCE
+        ? parseInt(process.env.F2A_SIGNATURE_TOLERANCE, 10)
+        : undefined;
+    return {
+        secretKey,
+        timestampTolerance: tolerance
+    };
+}
+//# sourceMappingURL=signature.js.map