@ganwei-web/ganwei-pc-cli 6.2.9 → 6.3.2

package/ganwei-iotcenter-index-6.2.3/packages/ganwei-iotcenter-template/src/utils/string.ts

@@ -0,0 +1,116 @@
+/**
+ * 首字母大写
+ */
+export function capitalize(str: string): string {
+    return str.charAt(0).toUpperCase() + str.slice(1)
+}
+
+/**
+ * 驼峰转连字符
+ */
+export function camelToKebab(str: string): string {
+    return str.replace(/([a-z])([A-Z])/g, '$1-$2').toLowerCase()
+}
+
+/**
+ * 连字符转驼峰
+ */
+export function kebabToCamel(str: string): string {
+    return str.replace(/-([a-z])/g, (_, char) => char.toUpperCase())
+}
+
+/**
+ * 手机号脱敏
+ */
+export function maskPhone(phone: string): string {
+    return phone.replace(/(\d{3})\d{4}(\d{4})/, '$1****$2')
+}
+
+/**
+ * 身份证号脱敏
+ */
+export function maskIdCard(idCard: string): string {
+    return idCard.replace(/(\d{6})\d{8}(\d{4})/, '$1********$2')
+}
+
+/**
+ * 银行卡号脱敏
+ */
+export function maskBankCard(cardNo: string): string {
+    return cardNo.replace(/(\d{4})\d+(\d{4})/, '$1 **** **** $2')
+}
+
+/** 邮箱脱敏：t***e@example.com */
+export function maskEmail(email: string): string {
+    if (!email || !email.includes('@')) return email
+    const [prefix, suffix] = email.split('@')
+    const maskedPrefix = prefix.charAt(0) + '***' + prefix.charAt(prefix.length - 1)
+    return `${maskedPrefix}@${suffix}`
+}
+
+/** 姓名脱敏：张*（2字）/ 张**（3字+） */
+export function maskName(name: string): string {
+    if (!name) return name
+    if (name.length === 2) return name.charAt(0) + '*'
+    return name.charAt(0) + '*'.repeat(name.length - 1)
+}
+
+/** 地址脱敏：北京市朝阳区*** */
+export function maskAddress(address: string): string {
+    if (!address || address.length <= 6) return address
+    return address.substring(0, 6) + '***'
+}
+
+/**
+ * 截断字符串
+ */
+export function truncate(str: string, length: number, suffix = '...'): string {
+    if (str.length <= length) return str
+    return str.substring(0, length) + suffix
+}
+
+/**
+ * 移除 HTML 标签
+ */
+export function stripHtml(html: string): string {
+    return html.replace(/<[^>]*>/g, '')
+}
+
+/**
+ * 转义 HTML 特殊字符
+ */
+export function escapeHtml(str: string): string {
+    const escapeMap: Record<string, string> = {
+        '&': '&amp;',
+        '<': '&lt;',
+        '>': '&gt;',
+        '"': '&quot;',
+        "'": '&#39;'
+    }
+
+    return str.replace(/[&<>"']/g, char => escapeMap[char])
+}
+
+/**
+ * 解析 URL 参数
+ */
+export function parseQueryString(url: string): Record<string, string> {
+    const queryString = url.split('?')[1]
+    if (!queryString) return {}
+
+    return queryString.split('&').reduce((params, param) => {
+        const [key, value] = param.split('=')
+        params[decodeURIComponent(key)] = decodeURIComponent(value || '')
+        return params
+    }, {} as Record<string, string>)
+}
+
+/**
+ * 序列化对象为 URL 参数
+ */
+export function stringifyQueryString(obj: Record<string, any>): string {
+    return Object.entries(obj)
+        .filter(([, value]) => value !== undefined && value !== null)
+        .map(([key, value]) => `${encodeURIComponent(key)}=${encodeURIComponent(value)}`)
+        .join('&')
+}

package/ganwei-iotcenter-index-6.2.3/packages/ganwei-iotcenter-template/src/utils/xss-filter.ts

@@ -0,0 +1,260 @@
+/**
+ * XSS 过滤工具
+ * 用于过滤和清理用户输入，防止 XSS 攻击
+ */
+
+/**
+ * HTML 实体编码映射
+ */
+const HTML_ENTITIES: Record<string, string> = {
+  '&': '&amp;',
+  '<': '&lt;',
+  '>': '&gt;',
+  '"': '&quot;',
+  "'": '&#x27;',
+  '/': '&#x2F;',
+  '`': '&#x60;',
+  '=': '&#x3D;'
+}
+
+/**
+ * 危险 HTML 标签正则
+ */
+const DANGEROUS_TAGS_REGEX =
+  /<(script|iframe|object|embed|form|input|button|textarea|select|style|link|meta|base)[^>]*>.*?<\/\1>|<(script|iframe|object|embed|form|input|button|textarea|select|style|link|meta|base)[^>]*\/?>/gi
+
+/**
+ * 危险属性正则
+ */
+const DANGEROUS_ATTRS_REGEX = /\s(on\w+|href|src|action|formaction|data|dynsrc|lowsrc)\s*=\s*(['"]?)[^'">\s]*\2/gi
+
+/**
+ * javascript: 协议正则
+ */
+const JAVASCRIPT_PROTOCOL_REGEX = /javascript\s*:/gi
+
+/**
+ * 转义 HTML 特殊字符
+ * @param str - 要转义的字符串
+ * @returns 转义后的字符串
+ * @example
+ * escapeHtml('<script>alert("xss")</script>')
+ * // '&lt;script&gt;alert(&quot;xss&quot;)&lt;/script&gt;'
+ */
+export function escapeHtml(str: string): string {
+  if (!str) return ''
+  return str.replace(/[&<>"'`=/]/g, char => HTML_ENTITIES[char])
+}
+
+/**
+ * 反转义 HTML 特殊字符
+ * @param str - 要反转义的字符串
+ * @returns 反转义后的字符串
+ */
+export function unescapeHtml(str: string): string {
+  if (!str) return ''
+  const entities: Record<string, string> = {
+    '&amp;': '&',
+    '&lt;': '<',
+    '&gt;': '>',
+    '&quot;': '"',
+    '&#x27;': "'",
+    '&#x2F;': '/',
+    '&#x60;': '`',
+    '&#x3D;': '='
+  }
+  return str.replace(/&(amp|lt|gt|quot|#x27|#x2F|#x60|#x3D);/g, entity => entities[entity] || entity)
+}
+
+/**
+ * 移除危险 HTML 标签
+ * @param html - HTML 字符串
+ * @returns 清理后的 HTML
+ * @example
+ * stripDangerousTags('<script>alert(1)</script><p>安全</p>')
+ * // '<p>安全</p>'
+ */
+export function stripDangerousTags(html: string): string {
+  if (!html) return ''
+  return html.replace(DANGEROUS_TAGS_REGEX, '')
+}
+
+/**
+ * 移除危险属性
+ * @param html - HTML 字符串
+ * @returns 清理后的 HTML
+ * @example
+ * stripDangerousAttrs('<div onclick="alert(1)">内容</div>')
+ * // '<div>内容</div>'
+ */
+export function stripDangerousAttrs(html: string): string {
+  if (!html) return ''
+  return html.replace(DANGEROUS_ATTRS_REGEX, '')
+}
+
+/**
+ * 移除 javascript: 协议
+ * @param str - 字符串
+ * @returns 清理后的字符串
+ */
+export function stripJavascriptProtocol(str: string): string {
+  if (!str) return ''
+  return str.replace(JAVASCRIPT_PROTOCOL_REGEX, '')
+}
+
+/**
+ * XSS 过滤（完整版）
+ * @param input - 用户输入
+ * @param options - 过滤选项
+ * @returns 过滤后的安全字符串
+ */
+export interface XssFilterOptions {
+
+  /** 是否转义 HTML，默认 true */
+  escapeHtml?: boolean
+
+  /** 是否移除危险标签，默认 true */
+  stripDangerousTags?: boolean
+
+  /** 是否移除危险属性，默认 true */
+  stripDangerousAttrs?: boolean
+
+  /** 是否移除 javascript 协议，默认 true */
+  stripJavascriptProtocol?: boolean
+}
+
+export function xssFilter(input: string, options: XssFilterOptions = {}): string {
+  if (!input) return ''
+
+  const {
+    escapeHtml: shouldEscape = true,
+    stripDangerousTags: shouldStripTags = true,
+    stripDangerousAttrs: shouldStripAttrs = true,
+    stripJavascriptProtocol: shouldStripJsProtocol = true
+  } = options
+
+  let result = input
+
+  // 移除危险标签
+  if (shouldStripTags) {
+    result = stripDangerousTags(result)
+  }
+
+  // 移除危险属性
+  if (shouldStripAttrs) {
+    result = stripDangerousAttrs(result)
+  }
+
+  // 移除 javascript 协议
+  if (shouldStripJsProtocol) {
+    result = stripJavascriptProtocol(result)
+  }
+
+  // 转义 HTML
+  if (shouldEscape) {
+    result = escapeHtml(result)
+  }
+
+  return result
+}
+
+/**
+ * 过滤 URL，只允许安全协议
+ * @param url - URL 字符串
+ * @param allowedProtocols - 允许的协议列表
+ * @returns 安全的 URL 或空字符串
+ * @example
+ * filterUrl('javascript:alert(1)') // ''
+ * filterUrl('https://example.com') // 'https://example.com'
+ */
+export function filterUrl(
+  url: string,
+  allowedProtocols: string[] = ['http', 'https', 'mailto', 'tel', 'ftp']
+): string {
+  if (!url) return ''
+
+  // 移除空白字符
+  const trimmedUrl = url.trim()
+
+  // 检查是否为相对路径或锚点
+  if (trimmedUrl.startsWith('/') || trimmedUrl.startsWith('#') || trimmedUrl.startsWith('?')) {
+    return trimmedUrl
+  }
+
+  // 提取协议
+  const protocolMatch = trimmedUrl.match(/^([a-zA-Z][a-zA-Z0-9+.-]*):/)
+  if (!protocolMatch) {
+    return trimmedUrl // 无协议，视为相对路径
+  }
+
+  const protocol = protocolMatch[1].toLowerCase()
+
+  // 检查协议是否在允许列表中
+  if (allowedProtocols.includes(protocol)) {
+    return trimmedUrl
+  }
+
+  return ''
+}
+
+/**
+ * 过滤对象中的 XSS
+ * @param obj - 要过滤的对象
+ * @param options - 过滤选项
+ * @returns 过滤后的对象
+ */
+export function filterObject<T extends Record<string, any>>(
+  obj: T,
+  options: XssFilterOptions = {}
+): T {
+  if (!obj || typeof obj !== 'object') return obj
+
+  const result: Record<string, any> = {}
+
+  for (const [key, value] of Object.entries(obj)) {
+    if (typeof value === 'string') {
+      result[key] = xssFilter(value, options)
+    } else if (typeof value === 'object' && value !== null) {
+      result[key] = filterObject(value, options)
+    } else {
+      result[key] = value
+    }
+  }
+
+  return result as T
+}
+
+/**
+ * 白名单标签过滤
+ * 只保留允许的 HTML 标签
+ * @param html - HTML 字符串
+ * @param allowedTags - 允许的标签列表
+ * @returns 过滤后的 HTML
+ * @example
+ * filterHtmlTags('<p><script>alert(1)</script>内容</p>', ['p'])
+ * // '<p>内容</p>'
+ */
+export function filterHtmlTags(html: string, allowedTags: string[] = []): string {
+  if (!html) return ''
+  if (allowedTags.length === 0) return escapeHtml(html)
+
+  // 构建白名单正则
+  const allowedTagsPattern = allowedTags.join('|')
+  const openTagRegex = new RegExp(`<(${allowedTagsPattern})([^>]*)>`, 'gi')
+  const closeTagRegex = new RegExp(`</(${allowedTagsPattern})>`, 'gi')
+
+  // 先转义所有 HTML
+  let result = escapeHtml(html)
+
+  // 恢复允许的标签
+  result = result.replace(
+    new RegExp(`&lt;(${allowedTagsPattern})([^&]*)&gt;`, 'gi'),
+    (_, tag, attrs) => `<${tag}${unescapeHtml(attrs)}>`
+  )
+  result = result.replace(
+    new RegExp(`&lt;/(${allowedTagsPattern})&gt;`, 'gi'),
+    (_, tag) => `</${tag}>`
+  )
+
+  return result
+}

package/ganwei-iotcenter-index-6.2.3/packages/ganwei-iotcenter-template/src/views/template.vue

@@ -8,7 +8,6 @@
 import { ref, reactive } from 'vue'
 import { ElMessage, type FormInstance, type FormRules } from 'element-plus'
 
-
 </script>
 
 <style scoped lang="scss">

package/ganwei-iotcenter-index-6.2.3/packages/ganwei-iotcenter-template/tsconfig.json

@@ -45,11 +45,18 @@
     }
   },
   "include": [
+    "env.d.ts",
     "src/**/*.ts",
     "src/**/*.d.ts",
     "src/**/*.tsx",
     "src/**/*.vue",
     "build/**/*.ts",
     "build/**/*.tsx"
+  ],
+  /** 编译器默认排除的编译文件 */
+  "exclude": [
+    "node_modules",
+    "dist",
+    "public"
   ]
 }