npm - @lark-apaas/fullstack-nestjs-core - Versions diffs - 1.1.12-alpha.1 → 1.1.12-alpha.10 - Mend

@lark-apaas/fullstack-nestjs-core 1.1.12-alpha.1 → 1.1.12-alpha.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.cjs CHANGED Viewed

@@ -170,6 +170,47 @@ CsrfMiddleware = _ts_decorate2([
 // src/middlewares/view-context/index.ts
 var import_common3 = require("@nestjs/common");
 var import_nestjs_common = require("@lark-apaas/nestjs-common");
+// src/utils/safe-stringify.ts
+function escapeChar(c) {
+  switch (c.charCodeAt(0)) {
+    case 60:
+      return "\\u003c";
+    case 62:
+      return "\\u003e";
+    case 38:
+      return "\\u0026";
+    case 61:
+      return "\\u003d";
+    case 39:
+      return "\\u0027";
+    case 34:
+      return "\\u0022";
+    case 123:
+      return "\\u007b";
+    case 125:
+      return "\\u007d";
+    case 40:
+      return "\\u0028";
+    case 41:
+      return "\\u0029";
+    case 10:
+      return "\\n";
+    case 8232:
+      return "\\u2028";
+    case 8233:
+      return "\\u2029";
+    default:
+      return c;
+  }
+}
+__name(escapeChar, "escapeChar");
+function safeEscape(s) {
+  return s.replace(/[<>&='"{}()\n\u2028\u2029]/g, escapeChar);
+}
+__name(safeEscape, "safeEscape");
+// src/middlewares/view-context/index.ts
 function _ts_decorate3(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
@@ -225,9 +266,9 @@ var ViewContextMiddleware = class _ViewContextMiddleware {
       csrfToken: csrfToken ?? "",
       userId: userId ?? "",
       appId: appId ?? "",
-      appName: appInfo?.app_name ?? "",
+      appName: safeEscape(appInfo?.app_name ?? "\u5999\u642D\u5E94\u7528"),
       appAvatar: appInfo?.app_avatar ?? "",
-      appDescription: appInfo?.app_description ?? "",
+      appDescription: safeEscape(appInfo?.app_description ?? ""),
       tenantId
     };
     res.locals = {
@@ -236,9 +277,9 @@ var ViewContextMiddleware = class _ViewContextMiddleware {
       userId: userId ?? "",
       tenantId: tenantId ?? "",
       appId: appId ?? "",
-      appName: appInfo?.app_name ?? "\u5999\u642D\u5E94\u7528",
+      appName: safeEscape(appInfo?.app_name ?? "\u5999\u642D\u5E94\u7528"),
       appAvatar: appInfo?.app_avatar ?? "",
-      appDescription: appInfo?.app_description ?? ""
+      appDescription: safeEscape(appInfo?.app_description ?? "")
     };
     next();
   }
@@ -716,6 +757,9 @@ PlatformHttpClientService = _ts_decorate8([
   _ts_metadata5("design:paramtypes", [])
 ], PlatformHttpClientService);
+// src/modules/platform/config/feature-switch.ts
+var DISABLE_DATAPASS = process.env.FORCE_FRAMEWORK_DISABLE_DATAPASS === "true";
 // src/modules/platform/module.ts
 function _ts_decorate9(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
@@ -752,32 +796,35 @@ var PlatformModule = class _PlatformModule {
           timeout: 5e3,
           maxRedirects: 5
         }),
-        import_nestjs_datapaas.DataPaasModule.forRootAsync({
-          imports: [
-            import_config2.ConfigModule,
-            import_nestjs_logger2.LoggerModule
-          ],
-          inject: [
-            import_config2.ConfigService,
-            import_nestjs_logger2.AppLogger
-          ],
-          useFactory: /* @__PURE__ */ __name(async (...args) => {
-            const configService = args[0];
-            const appLogger = args[1];
-            const drizzleLogger = {
-              logQuery(query, params) {
-                appLogger.log?.("SQL Query " + JSON.stringify({
-                  query,
-                  params
-                }), "Database");
-              }
-            };
-            return {
-              connectionString: configService.get("app.databaseUrl") ?? "",
-              logger: drizzleLogger
-            };
-          }, "useFactory")
-        }),
+        // 读取环境变量判断是否启用 DataPaasModule
+        ...DISABLE_DATAPASS ? [] : [
+          import_nestjs_datapaas.DataPaasModule.forRootAsync({
+            imports: [
+              import_config2.ConfigModule,
+              import_nestjs_logger2.LoggerModule
+            ],
+            inject: [
+              import_config2.ConfigService,
+              import_nestjs_logger2.AppLogger
+            ],
+            useFactory: /* @__PURE__ */ __name(async (...args) => {
+              const configService = args[0];
+              const appLogger = args[1];
+              const drizzleLogger = {
+                logQuery(query, params) {
+                  appLogger.log?.("SQL Query " + JSON.stringify({
+                    query,
+                    params
+                  }), "Database");
+                }
+              };
+              return {
+                connectionString: configService.get("app.databaseUrl") ?? "",
+                logger: drizzleLogger
+              };
+            }, "useFactory")
+          })
+        ],
         import_nestjs_authnpaas.AuthNPaasModule.forRoot(),
         import_nestjs_trigger.AutomationModule.forRoot()
       ],

package/dist/index.js CHANGED Viewed

@@ -128,6 +128,47 @@ CsrfMiddleware = _ts_decorate2([
 // src/middlewares/view-context/index.ts
 import { Inject, Injectable as Injectable3, Logger } from "@nestjs/common";
 import { PLATFORM_HTTP_CLIENT } from "@lark-apaas/nestjs-common";
+// src/utils/safe-stringify.ts
+function escapeChar(c) {
+  switch (c.charCodeAt(0)) {
+    case 60:
+      return "\\u003c";
+    case 62:
+      return "\\u003e";
+    case 38:
+      return "\\u0026";
+    case 61:
+      return "\\u003d";
+    case 39:
+      return "\\u0027";
+    case 34:
+      return "\\u0022";
+    case 123:
+      return "\\u007b";
+    case 125:
+      return "\\u007d";
+    case 40:
+      return "\\u0028";
+    case 41:
+      return "\\u0029";
+    case 10:
+      return "\\n";
+    case 8232:
+      return "\\u2028";
+    case 8233:
+      return "\\u2029";
+    default:
+      return c;
+  }
+}
+__name(escapeChar, "escapeChar");
+function safeEscape(s) {
+  return s.replace(/[<>&='"{}()\n\u2028\u2029]/g, escapeChar);
+}
+__name(safeEscape, "safeEscape");
+// src/middlewares/view-context/index.ts
 function _ts_decorate3(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
@@ -183,9 +224,9 @@ var ViewContextMiddleware = class _ViewContextMiddleware {
       csrfToken: csrfToken ?? "",
       userId: userId ?? "",
       appId: appId ?? "",
-      appName: appInfo?.app_name ?? "",
+      appName: safeEscape(appInfo?.app_name ?? "\u5999\u642D\u5E94\u7528"),
       appAvatar: appInfo?.app_avatar ?? "",
-      appDescription: appInfo?.app_description ?? "",
+      appDescription: safeEscape(appInfo?.app_description ?? ""),
       tenantId
     };
     res.locals = {
@@ -194,9 +235,9 @@ var ViewContextMiddleware = class _ViewContextMiddleware {
       userId: userId ?? "",
       tenantId: tenantId ?? "",
       appId: appId ?? "",
-      appName: appInfo?.app_name ?? "\u5999\u642D\u5E94\u7528",
+      appName: safeEscape(appInfo?.app_name ?? "\u5999\u642D\u5E94\u7528"),
       appAvatar: appInfo?.app_avatar ?? "",
-      appDescription: appInfo?.app_description ?? ""
+      appDescription: safeEscape(appInfo?.app_description ?? "")
     };
     next();
   }
@@ -674,6 +715,9 @@ PlatformHttpClientService = _ts_decorate8([
   _ts_metadata5("design:paramtypes", [])
 ], PlatformHttpClientService);
+// src/modules/platform/config/feature-switch.ts
+var DISABLE_DATAPASS = process.env.FORCE_FRAMEWORK_DISABLE_DATAPASS === "true";
 // src/modules/platform/module.ts
 function _ts_decorate9(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
@@ -710,32 +754,35 @@ var PlatformModule = class _PlatformModule {
           timeout: 5e3,
           maxRedirects: 5
         }),
-        DataPaasModule.forRootAsync({
-          imports: [
-            ConfigModule,
-            LoggerModule
-          ],
-          inject: [
-            ConfigService,
-            AppLogger2
-          ],
-          useFactory: /* @__PURE__ */ __name(async (...args) => {
-            const configService = args[0];
-            const appLogger = args[1];
-            const drizzleLogger = {
-              logQuery(query, params) {
-                appLogger.log?.("SQL Query " + JSON.stringify({
-                  query,
-                  params
-                }), "Database");
-              }
-            };
-            return {
-              connectionString: configService.get("app.databaseUrl") ?? "",
-              logger: drizzleLogger
-            };
-          }, "useFactory")
-        }),
+        // 读取环境变量判断是否启用 DataPaasModule
+        ...DISABLE_DATAPASS ? [] : [
+          DataPaasModule.forRootAsync({
+            imports: [
+              ConfigModule,
+              LoggerModule
+            ],
+            inject: [
+              ConfigService,
+              AppLogger2
+            ],
+            useFactory: /* @__PURE__ */ __name(async (...args) => {
+              const configService = args[0];
+              const appLogger = args[1];
+              const drizzleLogger = {
+                logQuery(query, params) {
+                  appLogger.log?.("SQL Query " + JSON.stringify({
+                    query,
+                    params
+                  }), "Database");
+                }
+              };
+              return {
+                connectionString: configService.get("app.databaseUrl") ?? "",
+                logger: drizzleLogger
+              };
+            }, "useFactory")
+          })
+        ],
         AuthNPaasModule.forRoot(),
         AutomationModule.forRoot()
       ],

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@lark-apaas/fullstack-nestjs-core",
-  "version": "1.1.12-alpha.1",
+  "version": "1.1.12-alpha.10",
   "description": "FullStack Nestjs Core",
   "type": "module",
   "main": "./dist/index.js",
@@ -42,7 +42,7 @@
     "@lark-apaas/http-client": "0.1.2",
     "@lark-apaas/nestjs-authnpaas": "^1.0.2",
     "@lark-apaas/nestjs-common": "^0.1.0",
-    "@lark-apaas/nestjs-datapaas": "^1.0.6",
+    "@lark-apaas/nestjs-datapaas": "^1.0.7",
     "@lark-apaas/nestjs-logger": "^1.0.4",
     "@lark-apaas/nestjs-observable": "^0.0.1",
     "@lark-apaas/nestjs-openapi-devtools": "^1.0.9",
@@ -57,6 +57,7 @@
     "@nestjs/swagger": "^7.4.2",
     "@types/cookie-parser": "^1.4.9",
     "@types/express": "^5.0.3",
+    "@types/serialize-javascript": "^5.0.4",
     "class-transformer": "^0.5.1",
     "class-validator": "^0.14.2",
     "drizzle-orm": "0.44.6",