npm - @lark-apaas/fullstack-nestjs-core - Versions diffs - 1.1.12-alpha.14 → 1.1.12-alpha.15 - Mend

@lark-apaas/fullstack-nestjs-core 1.1.12-alpha.14 → 1.1.12-alpha.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.cjs CHANGED Viewed

@@ -171,6 +171,51 @@ CsrfMiddleware = _ts_decorate2([
 // src/middlewares/view-context/index.ts
 var import_common3 = require("@nestjs/common");
 var import_nestjs_common = require("@lark-apaas/nestjs-common");
+// src/utils/safe-stringify.ts
+function safeEscape(s) {
+  return s.replace(/[<>&='"\n\r\u2028\u2029]/g, function(c) {
+    switch (c.charCodeAt(0)) {
+      case 60:
+        return "\\u003c";
+      // <
+      case 62:
+        return "\\u003e";
+      // >
+      case 38:
+        return "\\u0026";
+      // &
+      case 61:
+        return "\\u003d";
+      // =
+      case 39:
+        return "\\u0027";
+      // '
+      case 34:
+        return "\\u0022";
+      // "
+      case 10:
+        return "\\u000a";
+      // \n
+      case 13:
+        return "\\u000d";
+      // \r
+      // 正常来说用户无法输入这几个字符, 现代浏览器也修复了这个问题
+      // https://zhuanlan.zhihu.com/p/29958439
+      case 8232:
+        return "\\u2028";
+      // 行分隔符
+      case 8233:
+        return "\\u2029";
+      // 段落分隔符
+      default:
+        return c;
+    }
+  });
+}
+__name(safeEscape, "safeEscape");
+// src/middlewares/view-context/index.ts
 function _ts_decorate3(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
@@ -221,14 +266,13 @@ var ViewContextMiddleware = class _ViewContextMiddleware {
     const { userId, tenantId, appId } = req.userContext;
     const csrfToken = req.csrfToken;
     const appInfo = await this.getAppInfo(appId);
-    this.logger.debug(`appInfo: ${JSON.stringify(appInfo)}`);
     req.__platform_data__ = {
       csrfToken: csrfToken ?? "",
       userId: userId ?? "",
       appId: appId ?? "",
-      appName: appInfo?.app_name ?? "",
+      appName: safeEscape(appInfo?.app_name ?? "\u5999\u642D\u5E94\u7528"),
       appAvatar: appInfo?.app_avatar ?? "",
-      appDescription: appInfo?.app_description ?? "",
+      appDescription: safeEscape(appInfo?.app_description ?? ""),
       tenantId
     };
     res.locals = {
@@ -237,9 +281,9 @@ var ViewContextMiddleware = class _ViewContextMiddleware {
       userId: userId ?? "",
       tenantId: tenantId ?? "",
       appId: appId ?? "",
-      appName: appInfo?.app_name ?? "\u5999\u642D\u5E94\u7528",
+      appName: safeEscape(appInfo?.app_name ?? "\u5999\u642D\u5E94\u7528"),
       appAvatar: appInfo?.app_avatar ?? "",
-      appDescription: appInfo?.app_description ?? ""
+      appDescription: safeEscape(appInfo?.app_description ?? "")
     };
     next();
   }
@@ -721,6 +765,9 @@ PlatformHttpClientService = _ts_decorate8([
   _ts_metadata5("design:paramtypes", [])
 ], PlatformHttpClientService);
+// src/modules/platform/config/feature-switch.ts
+var DISABLE_DATAPASS = process.env.FORCE_FRAMEWORK_DISABLE_DATAPASS === "true";
 // src/modules/platform/module.ts
 function _ts_decorate9(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
@@ -757,34 +804,37 @@ var PlatformModule = class _PlatformModule {
           timeout: 5e3,
           maxRedirects: 5
         }),
-        import_nestjs_datapaas.DataPaasModule.forRootAsync({
-          imports: [
-            import_config2.ConfigModule,
-            import_nestjs_logger2.LoggerModule
-          ],
-          inject: [
-            import_config2.ConfigService,
-            import_nestjs_logger2.AppLogger
-          ],
-          useFactory: /* @__PURE__ */ __name(async (...args) => {
-            const configService = args[0];
-            const appLogger = args[1];
-            const drizzleLogger = {
-              logQuery(query, params) {
-                if (process.env.NODE_ENV === "development") {
-                  appLogger.log?.("SQL Query " + JSON.stringify({
-                    query,
-                    params
-                  }), "Database");
+        // 读取环境变量判断是否启用 DataPaasModule
+        ...DISABLE_DATAPASS ? [] : [
+          import_nestjs_datapaas.DataPaasModule.forRootAsync({
+            imports: [
+              import_config2.ConfigModule,
+              import_nestjs_logger2.LoggerModule
+            ],
+            inject: [
+              import_config2.ConfigService,
+              import_nestjs_logger2.AppLogger
+            ],
+            useFactory: /* @__PURE__ */ __name(async (...args) => {
+              const configService = args[0];
+              const appLogger = args[1];
+              const drizzleLogger = {
+                logQuery(query, params) {
+                  if (process.env.NODE_ENV === "development") {
+                    appLogger.log?.("SQL Query " + JSON.stringify({
+                      query,
+                      params
+                    }), "Database");
+                  }
                 }
-              }
-            };
-            return {
-              connectionString: configService.get("app.databaseUrl") ?? "",
-              logger: drizzleLogger
-            };
-          }, "useFactory")
-        }),
+              };
+              return {
+                connectionString: configService.get("app.databaseUrl") ?? "",
+                logger: drizzleLogger
+              };
+            }, "useFactory")
+          })
+        ],
         import_nestjs_authnpaas.AuthNPaasModule.forRoot(),
         import_nestjs_trigger.AutomationModule.forRoot()
       ],
@@ -870,6 +920,7 @@ async function configureApp(app, perms = defaultPerms) {
   app.use((0, import_cookie_parser.default)());
   const globalPrefix = process.env.CLIENT_BASE_PATH ?? "";
   app.setGlobalPrefix(globalPrefix);
+  app.set("trust proxy", true);
   if (process.env.NODE_ENV !== "production" && perms.disableSwagger !== true) {
     try {
       await import_nestjs_openapi_devtools.DevToolsV2Module.mount(app, {
@@ -881,6 +932,7 @@ async function configureApp(app, perms = defaultPerms) {
       console.error("[OpenAPI] OpenAPI \u751F\u6210\u5931\u8D25:", err);
     }
   }
+  console.log("App Started Successfully.");
 }
 __name(configureApp, "configureApp");

package/dist/index.js CHANGED Viewed

@@ -128,6 +128,51 @@ CsrfMiddleware = _ts_decorate2([
 // src/middlewares/view-context/index.ts
 import { Inject, Injectable as Injectable3, Logger } from "@nestjs/common";
 import { PLATFORM_HTTP_CLIENT } from "@lark-apaas/nestjs-common";
+// src/utils/safe-stringify.ts
+function safeEscape(s) {
+  return s.replace(/[<>&='"\n\r\u2028\u2029]/g, function(c) {
+    switch (c.charCodeAt(0)) {
+      case 60:
+        return "\\u003c";
+      // <
+      case 62:
+        return "\\u003e";
+      // >
+      case 38:
+        return "\\u0026";
+      // &
+      case 61:
+        return "\\u003d";
+      // =
+      case 39:
+        return "\\u0027";
+      // '
+      case 34:
+        return "\\u0022";
+      // "
+      case 10:
+        return "\\u000a";
+      // \n
+      case 13:
+        return "\\u000d";
+      // \r
+      // 正常来说用户无法输入这几个字符, 现代浏览器也修复了这个问题
+      // https://zhuanlan.zhihu.com/p/29958439
+      case 8232:
+        return "\\u2028";
+      // 行分隔符
+      case 8233:
+        return "\\u2029";
+      // 段落分隔符
+      default:
+        return c;
+    }
+  });
+}
+__name(safeEscape, "safeEscape");
+// src/middlewares/view-context/index.ts
 function _ts_decorate3(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
@@ -178,14 +223,13 @@ var ViewContextMiddleware = class _ViewContextMiddleware {
     const { userId, tenantId, appId } = req.userContext;
     const csrfToken = req.csrfToken;
     const appInfo = await this.getAppInfo(appId);
-    this.logger.debug(`appInfo: ${JSON.stringify(appInfo)}`);
     req.__platform_data__ = {
       csrfToken: csrfToken ?? "",
       userId: userId ?? "",
       appId: appId ?? "",
-      appName: appInfo?.app_name ?? "",
+      appName: safeEscape(appInfo?.app_name ?? "\u5999\u642D\u5E94\u7528"),
       appAvatar: appInfo?.app_avatar ?? "",
-      appDescription: appInfo?.app_description ?? "",
+      appDescription: safeEscape(appInfo?.app_description ?? ""),
       tenantId
     };
     res.locals = {
@@ -194,9 +238,9 @@ var ViewContextMiddleware = class _ViewContextMiddleware {
       userId: userId ?? "",
       tenantId: tenantId ?? "",
       appId: appId ?? "",
-      appName: appInfo?.app_name ?? "\u5999\u642D\u5E94\u7528",
+      appName: safeEscape(appInfo?.app_name ?? "\u5999\u642D\u5E94\u7528"),
       appAvatar: appInfo?.app_avatar ?? "",
-      appDescription: appInfo?.app_description ?? ""
+      appDescription: safeEscape(appInfo?.app_description ?? "")
     };
     next();
   }
@@ -678,6 +722,9 @@ PlatformHttpClientService = _ts_decorate8([
   _ts_metadata5("design:paramtypes", [])
 ], PlatformHttpClientService);
+// src/modules/platform/config/feature-switch.ts
+var DISABLE_DATAPASS = process.env.FORCE_FRAMEWORK_DISABLE_DATAPASS === "true";
 // src/modules/platform/module.ts
 function _ts_decorate9(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
@@ -714,34 +761,37 @@ var PlatformModule = class _PlatformModule {
           timeout: 5e3,
           maxRedirects: 5
         }),
-        DataPaasModule.forRootAsync({
-          imports: [
-            ConfigModule,
-            LoggerModule
-          ],
-          inject: [
-            ConfigService,
-            AppLogger2
-          ],
-          useFactory: /* @__PURE__ */ __name(async (...args) => {
-            const configService = args[0];
-            const appLogger = args[1];
-            const drizzleLogger = {
-              logQuery(query, params) {
-                if (process.env.NODE_ENV === "development") {
-                  appLogger.log?.("SQL Query " + JSON.stringify({
-                    query,
-                    params
-                  }), "Database");
+        // 读取环境变量判断是否启用 DataPaasModule
+        ...DISABLE_DATAPASS ? [] : [
+          DataPaasModule.forRootAsync({
+            imports: [
+              ConfigModule,
+              LoggerModule
+            ],
+            inject: [
+              ConfigService,
+              AppLogger2
+            ],
+            useFactory: /* @__PURE__ */ __name(async (...args) => {
+              const configService = args[0];
+              const appLogger = args[1];
+              const drizzleLogger = {
+                logQuery(query, params) {
+                  if (process.env.NODE_ENV === "development") {
+                    appLogger.log?.("SQL Query " + JSON.stringify({
+                      query,
+                      params
+                    }), "Database");
+                  }
                 }
-              }
-            };
-            return {
-              connectionString: configService.get("app.databaseUrl") ?? "",
-              logger: drizzleLogger
-            };
-          }, "useFactory")
-        }),
+              };
+              return {
+                connectionString: configService.get("app.databaseUrl") ?? "",
+                logger: drizzleLogger
+              };
+            }, "useFactory")
+          })
+        ],
         AuthNPaasModule.forRoot(),
         AutomationModule.forRoot()
       ],
@@ -827,6 +877,7 @@ async function configureApp(app, perms = defaultPerms) {
   app.use(cookieParser());
   const globalPrefix = process.env.CLIENT_BASE_PATH ?? "";
   app.setGlobalPrefix(globalPrefix);
+  app.set("trust proxy", true);
   if (process.env.NODE_ENV !== "production" && perms.disableSwagger !== true) {
     try {
       await DevToolsV2Module.mount(app, {
@@ -838,6 +889,7 @@ async function configureApp(app, perms = defaultPerms) {
       console.error("[OpenAPI] OpenAPI \u751F\u6210\u5931\u8D25:", err);
     }
   }
+  console.log("App Started Successfully.");
 }
 __name(configureApp, "configureApp");

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@lark-apaas/fullstack-nestjs-core",
-  "version": "1.1.12-alpha.14",
+  "version": "1.1.12-alpha.15",
   "description": "FullStack Nestjs Core",
   "type": "module",
   "main": "./dist/index.js",
@@ -43,7 +43,7 @@
     "@lark-apaas/nestjs-authnpaas": "^1.0.2",
     "@lark-apaas/nestjs-common": "^0.1.1",
     "@lark-apaas/nestjs-datapaas": "^1.0.7",
-    "@lark-apaas/nestjs-logger": "1.0.6-alpha.0",
+    "@lark-apaas/nestjs-logger": "1.0.6-alpha.1",
     "@lark-apaas/nestjs-observable": "^0.0.2",
     "@lark-apaas/nestjs-openapi-devtools": "^1.0.9",
     "@lark-apaas/nestjs-trigger": "^0.0.1",