@maiyunnet/kebab 9.1.0 → 9.1.1

package/doc/kebab-rag.md

@@ -1355,7 +1355,7 @@ index/variables/VER.md
 
 # Variable: VER
 
-> `const` **VER**: `"9.1.0"` = `'9.1.0'`
+> `const` **VER**: `"9.1.1"` = `'9.1.1'`
 
 Defined in: [index.ts:10](https://github.com/maiyunnet/kebab/blob/master/index.ts#L10)
 
@@ -13049,7 +13049,7 @@ Defined in: [lib/session.ts:39](https://github.com/maiyunnet/kebab/blob/master/l
 
 > **getName**(): `string`
 
-Defined in: [lib/session.ts:207](https://github.com/maiyunnet/kebab/blob/master/lib/session.ts#L207)
+Defined in: [lib/session.ts:212](https://github.com/maiyunnet/kebab/blob/master/lib/session.ts#L212)
 
 获取当前的 cookie 的 name 值
 
@@ -13063,7 +13063,7 @@ Defined in: [lib/session.ts:207](https://github.com/maiyunnet/kebab/blob/master/
 
 > **getToken**(): `string`
 
-Defined in: [lib/session.ts:200](https://github.com/maiyunnet/kebab/blob/master/lib/session.ts#L200)
+Defined in: [lib/session.ts:205](https://github.com/maiyunnet/kebab/blob/master/lib/session.ts#L205)
 
 获取当前的 token 值
 
@@ -13119,7 +13119,7 @@ false 表示系统错误
 
 > **update**(): `Promise`\<`void`\>
 
-Defined in: [lib/session.ts:214](https://github.com/maiyunnet/kebab/blob/master/lib/session.ts#L214)
+Defined in: [lib/session.ts:219](https://github.com/maiyunnet/kebab/blob/master/lib/session.ts#L219)
 
 页面整体结束时，要写入到 Kv 或 数据库
 
@@ -20199,7 +20199,7 @@ Defined in: [sys/ctr.ts:120](https://github.com/maiyunnet/kebab/blob/master/sys/
 
 Defined in: [sys/ctr.ts:132](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L132)
 
-获取当前过期时间
+获取当前过期时间（毫秒）
 
 ##### Returns
 
@@ -20211,7 +20211,7 @@ Defined in: [sys/ctr.ts:132](https://github.com/maiyunnet/kebab/blob/master/sys/
 
 Defined in: [sys/ctr.ts:139](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L139)
 
-设置当前过期时间
+设置当前过期时间（毫秒）
 
 ##### Parameters
 
@@ -20319,7 +20319,7 @@ Defined in: [sys/ctr.ts:746](https://github.com/maiyunnet/kebab/blob/master/sys/
 
 > `protected` **\_cross**(`opt?`): `boolean`
 
-Defined in: [sys/ctr.ts:960](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L960)
+Defined in: [sys/ctr.ts:975](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L975)
 
 开启跨域请求
 
@@ -20401,7 +20401,7 @@ Defined in: [sys/ctr.ts:757](https://github.com/maiyunnet/kebab/blob/master/sys/
 
 > `protected` **\_end**(): `void`
 
-Defined in: [sys/ctr.ts:1068](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L1068)
+Defined in: [sys/ctr.ts:1083](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L1083)
 
 主动关闭当前 socket 连接
 
@@ -20443,7 +20443,7 @@ Defined in: [sys/ctr.ts:781](https://github.com/maiyunnet/kebab/blob/master/sys/
 
 > `protected` **\_getLocale**(): `string`
 
-Defined in: [sys/ctr.ts:951](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L951)
+Defined in: [sys/ctr.ts:966](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L966)
 
 获取当前语言名
 
@@ -20457,7 +20457,7 @@ Defined in: [sys/ctr.ts:951](https://github.com/maiyunnet/kebab/blob/master/sys/
 
 > `protected` **\_getLocaleJsonString**(): `string`
 
-Defined in: [sys/ctr.ts:939](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L939)
+Defined in: [sys/ctr.ts:954](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L954)
 
 根据当前后台语言包设置情况获取 JSON 字符串传输到前台
 
@@ -20509,7 +20509,7 @@ Defined in: [sys/ctr.ts:315](https://github.com/maiyunnet/kebab/blob/master/sys/
 
 > `protected` **\_handleFormData**(`events?`, `limits?`): `Promise`\<`boolean`\>
 
-Defined in: [sys/ctr.ts:1077](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L1077)
+Defined in: [sys/ctr.ts:1092](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L1092)
 
 获取 formdata 的信息
 
@@ -20557,7 +20557,7 @@ Defined in: [sys/ctr.ts:1077](https://github.com/maiyunnet/kebab/blob/master/sys
 
 > **\_l**(`key`, `data?`): `string`
 
-Defined in: [sys/ctr.ts:1003](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L1003)
+Defined in: [sys/ctr.ts:1018](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L1018)
 
 获取语言包值
 
@@ -20583,7 +20583,7 @@ Defined in: [sys/ctr.ts:1003](https://github.com/maiyunnet/kebab/blob/master/sys
 
 > `protected` **\_loadData**(`path`): `Promise`\<`Record`\<`string`, `string`\> \| `null`\>
 
-Defined in: [sys/ctr.ts:842](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L842)
+Defined in: [sys/ctr.ts:857](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L857)
 
 获取 data 数据
 
@@ -20605,7 +20605,7 @@ Defined in: [sys/ctr.ts:842](https://github.com/maiyunnet/kebab/blob/master/sys/
 
 > `protected` **\_loadLocale**(`loc`, `pkg?`): `Promise`\<`boolean`\>
 
-Defined in: [sys/ctr.ts:890](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L890)
+Defined in: [sys/ctr.ts:905](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L905)
 
 设定语言并加载语言包
 
@@ -20726,7 +20726,7 @@ Defined in: [sys/ctr.ts:332](https://github.com/maiyunnet/kebab/blob/master/sys/
 
 > `protected` **\_location**(`location`): `false`
 
-Defined in: [sys/ctr.ts:860](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L860)
+Defined in: [sys/ctr.ts:875](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L875)
 
 跳转（302临时跳转），支持相对本项目根路径的路径或绝对路径
 
@@ -20748,7 +20748,7 @@ Defined in: [sys/ctr.ts:860](https://github.com/maiyunnet/kebab/blob/master/sys/
 
 > `protected` **\_ping**(`data?`): `boolean`
 
-Defined in: [sys/ctr.ts:1053](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L1053)
+Defined in: [sys/ctr.ts:1068](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L1068)
 
 发送 socket ping
 
@@ -20770,7 +20770,7 @@ Defined in: [sys/ctr.ts:1053](https://github.com/maiyunnet/kebab/blob/master/sys
 
 > `protected` **\_pong**(`data?`): `boolean`
 
-Defined in: [sys/ctr.ts:1061](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L1061)
+Defined in: [sys/ctr.ts:1076](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L1076)
 
 发送 socket pong
 
@@ -20792,7 +20792,7 @@ Defined in: [sys/ctr.ts:1061](https://github.com/maiyunnet/kebab/blob/master/sys
 
 > `protected` **\_startSession**(`link`, `auth?`, `opt?`): `Promise`\<`boolean`\>
 
-Defined in: [sys/ctr.ts:874](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L874)
+Defined in: [sys/ctr.ts:889](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L889)
 
 开启 Session
 
@@ -20826,7 +20826,7 @@ Kv 或 Db 实例
 
 > `protected` **\_writeBinary**(`data`): `boolean`
 
-Defined in: [sys/ctr.ts:1045](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L1045)
+Defined in: [sys/ctr.ts:1060](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L1060)
 
 发送 socket 二进制
 
@@ -20848,7 +20848,7 @@ Defined in: [sys/ctr.ts:1045](https://github.com/maiyunnet/kebab/blob/master/sys
 
 > `protected` **\_writeResult**(`data`): `boolean`
 
-Defined in: [sys/ctr.ts:1037](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L1037)
+Defined in: [sys/ctr.ts:1052](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L1052)
 
 发送结果对象文本
 
@@ -20870,7 +20870,7 @@ Defined in: [sys/ctr.ts:1037](https://github.com/maiyunnet/kebab/blob/master/sys
 
 > `protected` **\_writeText**(`data`): `boolean`
 
-Defined in: [sys/ctr.ts:1029](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L1029)
+Defined in: [sys/ctr.ts:1044](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L1044)
 
 发送 socket 文本
 
@@ -20890,15 +20890,15 @@ Defined in: [sys/ctr.ts:1029](https://github.com/maiyunnet/kebab/blob/master/sys
 
 ### getAuthorization()
 
-> **getAuthorization**(): `false` \| \{ `pwd`: `string`; `user`: `string`; \}
+> **getAuthorization**(): `false` \| \{ `pwd`: `string`; `type`: `"basic"`; `user`: `string`; \} \| \{ `token`: `string`; `type`: `"bearer"`; \}
 
 Defined in: [sys/ctr.ts:809](https://github.com/maiyunnet/kebab/blob/master/sys/ctr.ts#L809)
 
-通过 header 或 _auth 获取 Basic Auth 鉴权信息
+通过 header 或 _auth 获取鉴权信息，支持 Basic Auth 和 Bearer Token
 
 #### Returns
 
-`false` \| \{ `pwd`: `string`; `user`: `string`; \}
+`false` \| \{ `pwd`: `string`; `type`: `"basic"`; `user`: `string`; \} \| \{ `token`: `string`; `type`: `"bearer"`; \}
 
 ***
 
@@ -23890,7 +23890,7 @@ sys/route/functions/getFormData.md
 
 > **getFormData**(`req`, `events?`, `limits?`): `Promise`\<`false` \| \{ `files`: `Record`\<`string`, [`IPostFile`](../../../index/interfaces/IPostFile.md) \| [`IPostFile`](../../../index/interfaces/IPostFile.md)[]\>; `post`: `Record`\<`string`, [`Json`](../../../index/type-aliases/Json.md)\>; \}\>
 
-Defined in: [sys/route.ts:933](https://github.com/maiyunnet/kebab/blob/master/sys/route.ts#L933)
+Defined in: [sys/route.ts:962](https://github.com/maiyunnet/kebab/blob/master/sys/route.ts#L962)
 
 获取 formdata 的 post
 
@@ -23957,7 +23957,7 @@ sys/route/functions/getPost.md
 
 > **getPost**(`req`): `Promise`\<\{ `input`: `string`; `post`: `Record`\<`string`, `any`\>; `raw`: `Record`\<`string`, `any`\>; \}\>
 
-Defined in: [sys/route.ts:866](https://github.com/maiyunnet/kebab/blob/master/sys/route.ts#L866)
+Defined in: [sys/route.ts:876](https://github.com/maiyunnet/kebab/blob/master/sys/route.ts#L876)
 
 获取 post 对象（通常已自动获取），如果是文件上传（formdata）的情况则不获取
 
@@ -24073,7 +24073,7 @@ sys/route/functions/unlinkUploadFiles.md
 
 > **unlinkUploadFiles**(`cctr`): `Promise`\<`void`\>
 
-Defined in: [sys/route.ts:825](https://github.com/maiyunnet/kebab/blob/master/sys/route.ts#L825)
+Defined in: [sys/route.ts:835](https://github.com/maiyunnet/kebab/blob/master/sys/route.ts#L835)
 
 删除本次请求所有已上传的临时文件
 
@@ -24102,7 +24102,7 @@ sys/route/functions/waitCtr.md
 
 > **waitCtr**(`cctr`): `Promise`\<`void`\>
 
-Defined in: [sys/route.ts:845](https://github.com/maiyunnet/kebab/blob/master/sys/route.ts#L845)
+Defined in: [sys/route.ts:855](https://github.com/maiyunnet/kebab/blob/master/sys/route.ts#L855)
 
 等待异步任务结束，并删除临时文件，如果结束后还有事务没关闭，则会在本函数中打印控制台并且写入 log 文件
 此时其实已经给客户端返回了，此处等待不消耗客户端的等待时间

package/index.d.ts

@@ -5,7 +5,7 @@
  * --- 本文件用来定义每个目录实体地址的常量 ---
  */
 /** --- 当前系统版本号 --- */
-export declare const VER = "9.1.0";
+export declare const VER = "9.1.1";
 /** --- 框架根目录，以 / 结尾  --- */
 export declare const ROOT_PATH: string;
 /** --- 框架的 LIB，以 / 结尾 --- */

package/index.js

@@ -6,7 +6,7 @@
  * --- 本文件用来定义每个目录实体地址的常量 ---
  */
 /** --- 当前系统版本号 --- */
-export const VER = '9.1.0';
+export const VER = '9.1.1';
 // --- 服务端用的路径 ---
 const imu = decodeURIComponent(import.meta.url).replace('file://', '').replace(/^\/(\w:)/, '$1');
 /** --- /xxx/xxx --- */

package/lib/session.js

@@ -56,7 +56,12 @@ export class Session {
         }
         else if (auth) {
             const a = ctr.getAuthorization();
-            if (a && typeof a !== 'string' && (a.user === 'token')) {
+            if (a && a.type === 'bearer') {
+                // --- Authorization: Bearer <token> ---
+                this._token = a.token;
+            }
+            else if (a && a.type === 'basic' && a.user === 'token') {
+                // --- Authorization: Basic base64(token:<token>)，兼容旧模式 ---
                 this._token = a.pwd;
             }
         }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@maiyunnet/kebab",
-  "version": "9.1.0",
+  "version": "9.1.1",
   "description": "Simple, easy-to-use, and fully-featured Node.js framework that is ready-to-use out of the box.",
   "type": "module",
   "keywords": [

package/sys/ctr.d.ts

@@ -58,10 +58,10 @@ export declare class Ctr {
         'timeout': number;
         'callback': () => void;
     };
-    /** --- 获取当前过期时间 --- */
+    /** --- 获取当前过期时间（毫秒） --- */
     get timeout(): number;
     /**
-     * --- 设置当前过期时间 ---
+     * --- 设置当前过期时间（毫秒） ---
      */
     set timeout(num: number);
     /** --- 一些需要等待的事项的记录（异步任务、事务） --- */
@@ -231,14 +231,18 @@ export declare class Ctr {
      * --- 根据用户 ua 获取当前用户的设备类型 ---
      */
     protected _device(): 'android' | 'windows' | 'linux' | 'macintosh' | 'ipad' | 'unknown';
-    /** --- auth 对象，user, pwd --- */
+    /** --- auth 对象 --- */
     private _authorization;
     /**
-     * --- 通过 header 或 _auth 获取 Basic Auth 鉴权信息 ---
+     * --- 通过 header 或 _auth 获取鉴权信息，支持 Basic Auth 和 Bearer Token ---
      */
     getAuthorization(): {
+        'type': 'basic';
         'user': string;
         'pwd': string;
+    } | {
+        'type': 'bearer';
+        'token': string;
     } | false;
     /**
      * --- 获取 data 数据 ---

package/sys/ctr.js

@@ -78,12 +78,12 @@ export class Ctr {
     }
     /** --- timeout 的 timer --- */
     _timer;
-    /** --- 获取当前过期时间 --- */
+    /** --- 获取当前过期时间（毫秒） --- */
     get timeout() {
         return this._timer?.timeout ?? 30_000;
     }
     /**
-     * --- 设置当前过期时间 ---
+     * --- 设置当前过期时间（毫秒） ---
      */
     set timeout(num) {
         if (!this._timer) {
@@ -642,10 +642,10 @@ export class Ctr {
         }
         return 'unknown';
     }
-    /** --- auth 对象，user, pwd --- */
+    /** --- auth 对象 --- */
     _authorization = null;
     /**
-     * --- 通过 header 或 _auth 获取 Basic Auth 鉴权信息 ---
+     * --- 通过 header 或 _auth 获取鉴权信息，支持 Basic Auth 和 Bearer Token ---
      */
     getAuthorization() {
         if (this._authorization !== null) {
@@ -664,15 +664,28 @@ export class Ctr {
         if (typeof auth !== 'string') {
             return false;
         }
-        let authArr = auth.split(' ');
-        if (authArr[1] === undefined) {
+        const spaceIdx = auth.indexOf(' ');
+        if (spaceIdx === -1) {
             return false;
         }
-        if (!(auth = lCrypto.base64Decode(authArr[1]))) {
+        const scheme = auth.slice(0, spaceIdx).toLowerCase();
+        const credential = auth.slice(spaceIdx + 1).trim();
+        if (!credential) {
             return false;
         }
-        authArr = auth.split(':');
-        this._authorization = { 'user': authArr[0], 'pwd': authArr[1] ?? '' };
+        if (scheme === 'bearer') {
+            this._authorization = { 'type': 'bearer', 'token': credential };
+            return this._authorization;
+        }
+        // --- Basic Auth: base64(user:pwd) ---
+        const decoded = lCrypto.base64Decode(credential);
+        if (!decoded) {
+            return false;
+        }
+        const colonIdx = decoded.indexOf(':');
+        const user = colonIdx === -1 ? decoded : decoded.slice(0, colonIdx);
+        const pwd = colonIdx === -1 ? '' : decoded.slice(colonIdx + 1);
+        this._authorization = { 'type': 'basic', 'user': user, 'pwd': pwd };
         return this._authorization;
     }
     /**

package/sys/route.js

@@ -227,8 +227,18 @@ export async function run(data) {
     if (data.req.headers['cookie']) {
         const hcookies = data.req.headers['cookie'].split(';');
         for (const cookie of hcookies) {
-            const co = cookie.split('=');
-            cookies[co[0].trim()] = decodeURIComponent(co[1]);
+            const eqIndex = cookie.indexOf('=');
+            if (eqIndex === -1) {
+                continue;
+            }
+            const key = cookie.slice(0, eqIndex).trim();
+            const rawVal = cookie.slice(eqIndex + 1);
+            try {
+                cookies[key] = decodeURIComponent(rawVal);
+            }
+            catch {
+                cookies[key] = rawVal;
+            }
         }
     }
     // --- 处理 headers ---
@@ -818,11 +828,30 @@ export function getPost(req) {
             return;
         }
         // --- json 或普通 post ---
+        /** --- POST body 最大允许 50 MB，防止攻击者发送超大请求体耗尽内存 --- */
+        const maxPostSize = 50 * 1024 * 1024;
         let buffer = Buffer.from('');
+        let overflow = false;
         req.on('data', function (chunk) {
+            if (overflow) {
+                return;
+            }
+            if (buffer.length + chunk.length > maxPostSize) {
+                overflow = true;
+                buffer = Buffer.from('');
+                return;
+            }
             buffer = Buffer.concat([buffer, chunk], buffer.length + chunk.length);
         });
         req.on('end', function () {
+            if (overflow) {
+                resolve({
+                    'input': '',
+                    'raw': {},
+                    'post': {},
+                });
+                return;
+            }
             const s = buffer.toString();
             if (!s) {
                 resolve({