@nest-omni/core 4.1.3-19 → 4.1.3-20

package/http-client/utils/call-stack-extractor.util.js

@@ -6,6 +6,33 @@ exports.CallStackExtractor = void 0;
  * 用于自动提取HTTP请求的调用服务和方法信息
  */
 class CallStackExtractor {
+    /**
+     * 设置装饰器上下文
+     */
+    static setDecoratorContext(context) {
+        // 只在最外层设置
+        if (this.decoratorContextDepth === 0) {
+            this.decoratorContext = context;
+        }
+        this.decoratorContextDepth++;
+    }
+    /**
+     * 获取装饰器上下文
+     */
+    static getDecoratorContext() {
+        return this.decoratorContext;
+    }
+    /**
+     * 清除装饰器上下文
+     */
+    static clearDecoratorContext() {
+        this.decoratorContextDepth--;
+        // 只在最外层清除
+        if (this.decoratorContextDepth <= 0) {
+            this.decoratorContext = null;
+            this.decoratorContextDepth = 0;
+        }
+    }
     /**
      * 从调用栈中提取服务和方法信息
      */
@@ -184,3 +211,11 @@ class CallStackExtractor {
     }
 }
 exports.CallStackExtractor = CallStackExtractor;
+/**
+ * 存储装饰器上下文（用于传递装饰器信息到HTTP客户端）
+ */
+CallStackExtractor.decoratorContext = null;
+/**
+ * 装饰器上下文引用计数，用于处理多个装饰器嵌套的情况
+ */
+CallStackExtractor.decoratorContextDepth = 0;

package/http-client/utils/security-validator.util.d.ts

@@ -0,0 +1,118 @@
+/**
+ * SSRF防护配置
+ */
+export interface SSRFProtectionConfig {
+    /** 是否启用SSRF防护 */
+    enabled: boolean;
+    /** 允许的URL协议 */
+    allowedProtocols: string[];
+    /** 禁止访问的IP段（私有网络、本地回环等） */
+    blockedIPRanges: string[];
+    /** 允许的主机名白名单 */
+    allowedHostnames?: string[];
+    /** 禁止的主机名黑名单 */
+    blockedHostnames?: string[];
+}
+/**
+ * URL验证配置
+ */
+export interface URLValidationConfig {
+    /** 最大URL长度 */
+    maxURLLength: number;
+    /** 是否允许本地回环地址 */
+    allowLoopback: boolean;
+    /** 是否允许私有网络地址 */
+    allowPrivateNetwork: boolean;
+    /** 是否允许Link-local地址 */
+    allowLinkLocal: boolean;
+}
+/**
+ * 安全验证工具类
+ * 提供URL验证、SSRF防护等功能
+ */
+export declare class SecurityValidator {
+    private static readonly logger;
+    /**
+     * 默认SSRF防护配置
+     */
+    private static readonly defaultSSRFConfig;
+    /**
+     * 默认URL验证配置
+     */
+    private static readonly defaultURLConfig;
+    /**
+     * 验证URL安全性
+     * @param url 要验证的URL字符串
+     * @param urlConfig URL验证配置
+     * @returns 验证结果和错误信息
+     */
+    static validateURL(url: string, urlConfig?: Partial<URLValidationConfig>): {
+        valid: boolean;
+        error?: string;
+    };
+    /**
+     * SSRF防护检查
+     * @param url 要检查的URL
+     * @param ssrfConfig SSRF防护配置
+     * @returns 检查结果和错误信息
+     */
+    static checkSSRF(url: string, ssrfConfig?: Partial<SSRFProtectionConfig>): {
+        safe: boolean;
+        error?: string;
+    };
+    /**
+     * 清理和验证URL
+     * 综合验证和SSRF防护
+     * @param url 要清理的URL
+     * @param config 完整的安全配置
+     * @returns 清理后的URL和验证结果
+     */
+    static sanitizeURL(url: string, config?: {
+        urlConfig?: Partial<URLValidationConfig>;
+        ssrfConfig?: Partial<SSRFProtectionConfig>;
+    }): {
+        url: string;
+        valid: boolean;
+        error?: string;
+    };
+    /**
+     * 从主机名中提取IP地址
+     */
+    private static extractIPAddress;
+    /**
+     * 验证IP地址
+     */
+    private static validateIPAddress;
+    /**
+     * 检查IP地址是否在阻止的范围内
+     */
+    private static checkIPRange;
+    /**
+     * 检查IP地址是否在指定范围内
+     * 简化版本，主要用于常见CIDR范围
+     */
+    private static isIPInRange;
+    /**
+     * 验证主机名格式
+     */
+    private static isValidHostname;
+    /**
+     * 敏感数据检测
+     * 检查数据中是否包含敏感信息（如密码、token等）
+     * @param data 要检查的数据对象
+     * @param additionalPatterns 额外的敏感数据模式
+     * @returns 检测结果
+     */
+    static detectSensitiveData(data: any, additionalPatterns?: RegExp[]): {
+        hasSensitiveData: boolean;
+        fields: string[];
+    };
+    /**
+     * 获取默认SSRF防护配置
+     */
+    static getDefaultSSRFConfig(): SSRFProtectionConfig;
+    /**
+     * 获取默认URL验证配置
+     */
+    static getDefaultURLConfig(): URLValidationConfig;
+}

package/http-client/utils/security-validator.util.js

@@ -0,0 +1,352 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecurityValidator = void 0;
+const common_1 = require("@nestjs/common");
+/**
+ * 安全验证工具类
+ * 提供URL验证、SSRF防护等功能
+ */
+class SecurityValidator {
+    /**
+     * 验证URL安全性
+     * @param url 要验证的URL字符串
+     * @param urlConfig URL验证配置
+     * @returns 验证结果和错误信息
+     */
+    static validateURL(url, urlConfig = {}) {
+        const config = Object.assign(Object.assign({}, this.defaultURLConfig), urlConfig);
+        // 检查URL长度
+        if (url.length > config.maxURLLength) {
+            return {
+                valid: false,
+                error: `URL length exceeds maximum allowed length of ${config.maxURLLength}`,
+            };
+        }
+        let parsedURL;
+        try {
+            parsedURL = new URL(url);
+        }
+        catch (error) {
+            return {
+                valid: false,
+                error: `Invalid URL format: ${error instanceof Error ? error.message : String(error)}`,
+            };
+        }
+        // 检查协议
+        if (!['http:', 'https:', 'ws:', 'wss:'].includes(parsedURL.protocol)) {
+            return {
+                valid: false,
+                error: `Unsupported protocol: ${parsedURL.protocol}`,
+            };
+        }
+        // 检查主机名
+        if (!parsedURL.hostname) {
+            return {
+                valid: false,
+                error: 'Hostname is required',
+            };
+        }
+        // 检查是否为IP地址
+        const ipAddress = this.extractIPAddress(parsedURL.hostname);
+        if (ipAddress) {
+            return this.validateIPAddress(ipAddress, config);
+        }
+        // 检查主机名格式
+        if (!this.isValidHostname(parsedURL.hostname)) {
+            return {
+                valid: false,
+                error: `Invalid hostname format: ${parsedURL.hostname}`,
+            };
+        }
+        return { valid: true };
+    }
+    /**
+     * SSRF防护检查
+     * @param url 要检查的URL
+     * @param ssrfConfig SSRF防护配置
+     * @returns 检查结果和错误信息
+     */
+    static checkSSRF(url, ssrfConfig = {}) {
+        const config = Object.assign(Object.assign({}, this.defaultSSRFConfig), ssrfConfig);
+        if (!config.enabled) {
+            return { safe: true };
+        }
+        let parsedURL;
+        try {
+            parsedURL = new URL(url);
+        }
+        catch (error) {
+            return {
+                safe: false,
+                error: `Invalid URL format: ${error instanceof Error ? error.message : String(error)}`,
+            };
+        }
+        // 检查协议
+        if (!config.allowedProtocols.includes(parsedURL.protocol)) {
+            return {
+                safe: false,
+                error: `Protocol not allowed: ${parsedURL.protocol}`,
+            };
+        }
+        // 检查黑名单主机名
+        if (config.blockedHostnames) {
+            if (config.blockedHostnames.includes(parsedURL.hostname)) {
+                return {
+                    safe: false,
+                    error: `Hostname is blocked: ${parsedURL.hostname}`,
+                };
+            }
+        }
+        // 检查白名单主机名（如果配置了）
+        if (config.allowedHostnames && config.allowedHostnames.length > 0) {
+            if (!config.allowedHostnames.includes(parsedURL.hostname)) {
+                return {
+                    safe: false,
+                    error: `Hostname not in whitelist: ${parsedURL.hostname}`,
+                };
+            }
+        }
+        // 检查IP地址范围
+        const ipAddress = this.extractIPAddress(parsedURL.hostname);
+        if (ipAddress) {
+            const ipCheck = this.checkIPRange(ipAddress, config.blockedIPRanges);
+            if (!ipCheck.allowed) {
+                return {
+                    safe: false,
+                    error: `IP address is blocked: ${ipAddress} (${ipCheck.reason})`,
+                };
+            }
+        }
+        return { safe: true };
+    }
+    /**
+     * 清理和验证URL
+     * 综合验证和SSRF防护
+     * @param url 要清理的URL
+     * @param config 完整的安全配置
+     * @returns 清理后的URL和验证结果
+     */
+    static sanitizeURL(url, config = {}) {
+        // 去除首尾空格
+        let sanitizedURL = url.trim();
+        // 移除可能的换行符和控制字符
+        sanitizedURL = sanitizedURL.replace(/[\r\n\t]/g, '');
+        // 验证URL格式
+        const validationResult = this.validateURL(sanitizedURL, config.urlConfig);
+        if (!validationResult.valid) {
+            return { url: sanitizedURL, valid: false, error: validationResult.error };
+        }
+        // SSRF防护检查
+        const ssrfResult = this.checkSSRF(sanitizedURL, config.ssrfConfig);
+        if (!ssrfResult.safe) {
+            return { url: sanitizedURL, valid: false, error: ssrfResult.error };
+        }
+        return { url: sanitizedURL, valid: true };
+    }
+    /**
+     * 从主机名中提取IP地址
+     */
+    static extractIPAddress(hostname) {
+        // IPv4地址
+        const ipv4Regex = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;
+        const ipv4Match = hostname.match(ipv4Regex);
+        if (ipv4Match) {
+            return hostname;
+        }
+        // IPv6地址（简化版）
+        if (hostname.includes(':') && !hostname.includes('.')) {
+            return hostname;
+        }
+        return null;
+    }
+    /**
+     * 验证IP地址
+     */
+    static validateIPAddress(ipAddress, config) {
+        // 检查是否为本地回环地址
+        if (!config.allowLoopback) {
+            if (ipAddress === '127.0.0.1' || ipAddress === '::1' || ipAddress.startsWith('127.')) {
+                return {
+                    valid: false,
+                    error: 'Loopback addresses are not allowed',
+                };
+            }
+        }
+        // 检查是否为私有网络地址
+        if (!config.allowPrivateNetwork) {
+            if (ipAddress.startsWith('10.') ||
+                ipAddress.startsWith('172.16.') ||
+                ipAddress.startsWith('192.168.') ||
+                ipAddress.startsWith('fc00:') ||
+                ipAddress.startsWith('fd')) {
+                return {
+                    valid: false,
+                    error: 'Private network addresses are not allowed',
+                };
+            }
+        }
+        // 检查是否为Link-local地址
+        if (!config.allowLinkLocal) {
+            if (ipAddress.startsWith('169.254.') || ipAddress.startsWith('fe80:')) {
+                return {
+                    valid: false,
+                    error: 'Link-local addresses are not allowed',
+                };
+            }
+        }
+        return { valid: true };
+    }
+    /**
+     * 检查IP地址是否在阻止的范围内
+     */
+    static checkIPRange(ipAddress, blockedRanges) {
+        for (const range of blockedRanges) {
+            if (this.isIPInRange(ipAddress, range)) {
+                return {
+                    allowed: false,
+                    reason: `IP address is in blocked range: ${range}`,
+                };
+            }
+        }
+        return { allowed: true };
+    }
+    /**
+     * 检查IP地址是否在指定范围内
+     * 简化版本，主要用于常见CIDR范围
+     */
+    static isIPInRange(ipAddress, cidrRange) {
+        // 处理IPv4 CIDR
+        const [range, prefixStr] = cidrRange.split('/');
+        const prefix = parseInt(prefixStr, 10);
+        // 精确匹配
+        if (ipAddress === range) {
+            return true;
+        }
+        // 简化的CIDR匹配（仅支持常见范围）
+        if (cidrRange.includes('/')) {
+            // IPv4范围检查
+            if (range.includes('.') && ipAddress.includes('.')) {
+                const rangeParts = range.split('.').map(Number);
+                const ipParts = ipAddress.split('.').map(Number);
+                if (prefix === 8) {
+                    return ipParts[0] === rangeParts[0];
+                }
+                else if (prefix === 16) {
+                    return ipParts[0] === rangeParts[0] && ipParts[1] === rangeParts[1];
+                }
+                else if (prefix === 24) {
+                    return (ipParts[0] === rangeParts[0] &&
+                        ipParts[1] === rangeParts[1] &&
+                        ipParts[2] === rangeParts[2]);
+                }
+            }
+        }
+        return false;
+    }
+    /**
+     * 验证主机名格式
+     */
+    static isValidHostname(hostname) {
+        // RFC 1123主机名规范
+        const hostnameRegex = /^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$/;
+        return hostnameRegex.test(hostname);
+    }
+    /**
+     * 敏感数据检测
+     * 检查数据中是否包含敏感信息（如密码、token等）
+     * @param data 要检查的数据对象
+     * @param additionalPatterns 额外的敏感数据模式
+     * @returns 检测结果
+     */
+    static detectSensitiveData(data, additionalPatterns = []) {
+        const sensitiveFields = [];
+        // 默认敏感字段名模式
+        const defaultPatterns = [
+            /password/i,
+            /secret/i,
+            /token/i,
+            /api[_-]?key/i,
+            /authorization/i,
+            /credential/i,
+            /private[_-]?key/i,
+            /access[_-]?token/i,
+            /refresh[_-]?token/i,
+            /session[_-]?id/i,
+            /csrf/i,
+            /ssn/i,
+            /credit[_-]?card/i,
+        ];
+        const allPatterns = [...defaultPatterns, ...additionalPatterns];
+        const checkObject = (obj, path = '') => {
+            if (!obj || typeof obj !== 'object') {
+                return;
+            }
+            for (const key in obj) {
+                if (!obj.hasOwnProperty(key)) {
+                    continue;
+                }
+                const currentPath = path ? `${path}.${key}` : key;
+                // 检查键名是否匹配敏感模式
+                if (allPatterns.some((pattern) => pattern.test(key))) {
+                    sensitiveFields.push(currentPath);
+                }
+                // 递归检查嵌套对象
+                if (typeof obj[key] === 'object' && obj[key] !== null) {
+                    checkObject(obj[key], currentPath);
+                }
+            }
+        };
+        checkObject(data);
+        return {
+            hasSensitiveData: sensitiveFields.length > 0,
+            fields: sensitiveFields,
+        };
+    }
+    /**
+     * 获取默认SSRF防护配置
+     */
+    static getDefaultSSRFConfig() {
+        return Object.assign({}, this.defaultSSRFConfig);
+    }
+    /**
+     * 获取默认URL验证配置
+     */
+    static getDefaultURLConfig() {
+        return Object.assign({}, this.defaultURLConfig);
+    }
+}
+exports.SecurityValidator = SecurityValidator;
+SecurityValidator.logger = new common_1.Logger(SecurityValidator.name);
+/**
+ * 默认SSRF防护配置
+ */
+SecurityValidator.defaultSSRFConfig = {
+    enabled: true,
+    allowedProtocols: ['http:', 'https:'],
+    blockedIPRanges: [
+        '127.0.0.0/8', // Loopback
+        '10.0.0.0/8', // Private Class A
+        '172.16.0.0/12', // Private Class B
+        '192.168.0.0/16', // Private Class C
+        '169.254.0.0/16', // Link-local
+        '::1/128', // IPv6 loopback
+        'fc00::/7', // IPv6 private
+        'fe80::/10', // IPv6 link-local
+        '0.0.0.0/8', // Current network
+    ],
+    allowedHostnames: undefined,
+    blockedHostnames: [
+        'localhost',
+        'metadata.google.internal', // GCP metadata
+        '169.254.169.254', // AWS/GCP/Azure metadata
+    ],
+};
+/**
+ * 默认URL验证配置
+ */
+SecurityValidator.defaultURLConfig = {
+    maxURLLength: 2000,
+    allowLoopback: false,
+    allowPrivateNetwork: false,
+    allowLinkLocal: false,
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nest-omni/core",
-  "version": "4.1.3-19",
+  "version": "4.1.3-20",
   "description": "A comprehensive NestJS framework for building enterprise-grade applications with best practices",
   "main": "index.js",
   "types": "index.d.ts",

package/redis-lock/lock-heartbeat.service.d.ts

@@ -68,6 +68,8 @@ export declare class LockHeartbeatService implements OnModuleInit, OnModuleDestr
     /**
      * Get all active instances (with heartbeat)
      *
+     * **Note**: Uses SCAN command to avoid blocking Redis in production.
+     *
      * @returns Array of instance IDs that are currently alive
      */
     getActiveInstances(): Promise<string[]>;

package/redis-lock/lock-heartbeat.service.js

@@ -182,6 +182,8 @@ let LockHeartbeatService = LockHeartbeatService_1 = class LockHeartbeatService {
     /**
      * Get all active instances (with heartbeat)
      *
+     * **Note**: Uses SCAN command to avoid blocking Redis in production.
+     *
      * @returns Array of instance IDs that are currently alive
      */
     getActiveInstances() {
@@ -190,8 +192,16 @@ let LockHeartbeatService = LockHeartbeatService_1 = class LockHeartbeatService {
                 return [];
             }
             try {
-                const keys = yield this.redis.keys('heartbeat:*');
-                return keys.map((key) => key.replace('heartbeat:', ''));
+                let cursor = '0';
+                const pattern = 'heartbeat:*';
+                const allKeys = [];
+                // Use SCAN to iterate through keys without blocking Redis
+                do {
+                    const [nextCursor, keys] = yield this.redis.scan(cursor, 'MATCH', pattern, 'COUNT', 100);
+                    cursor = nextCursor;
+                    allKeys.push(...keys);
+                } while (cursor !== '0');
+                return allKeys.map((key) => key.replace('heartbeat:', ''));
             }
             catch (error) {
                 this.logger.error('Error getting active instances:', error);

package/redis-lock/redis-lock.service.d.ts

@@ -247,6 +247,8 @@ export declare class RedisLockService implements OnModuleInit {
      *
      * WARNING: Use with caution in production! This will forcefully delete locks.
      *
+     * **Note**: Uses SCAN command to avoid blocking Redis in production.
+     *
      * @param pattern - Lock pattern (e.g., 'MyService:*' or '*:migration:*')
      * @param keyPrefix - Key prefix (default: 'lock')
      * @returns Number of locks deleted
@@ -299,6 +301,8 @@ export declare class RedisLockService implements OnModuleInit {
      * Get all active locks with optional pattern filtering
      * Useful for monitoring and debugging
      *
+     * **Note**: Uses SCAN command to avoid blocking Redis in production.
+     *
      * @param pattern - Optional pattern to filter locks (e.g., 'MyService:*')
      * @param keyPrefix - Key prefix (default: 'lock')
      * @returns Array of active lock information

package/redis-lock/redis-lock.service.js

@@ -175,6 +175,34 @@ let RedisLockService = RedisLockService_1 = class RedisLockService {
             var _a, _b, _c, _d, _e;
             const redis = yield this.getRedis();
             const opts = Object.assign(Object.assign({}, this.defaultOptions), options);
+            // Validate TTL
+            if (opts.ttl !== undefined) {
+                if (typeof opts.ttl !== 'number' || opts.ttl <= 0) {
+                    this.logger.warn(`Invalid TTL value: ${opts.ttl}. TTL must be a positive number. Using default TTL: ${this.defaultOptions.ttl}ms`);
+                    opts.ttl = this.defaultOptions.ttl;
+                }
+            }
+            // Validate waitTimeout
+            if (opts.waitTimeout !== undefined) {
+                if (typeof opts.waitTimeout !== 'number' || opts.waitTimeout <= 0) {
+                    this.logger.warn(`Invalid waitTimeout value: ${opts.waitTimeout}. waitTimeout must be a positive number. Ignoring waitTimeout.`);
+                    opts.waitTimeout = undefined;
+                }
+            }
+            // Validate retryCount
+            if (opts.retryCount !== undefined) {
+                if (typeof opts.retryCount !== 'number' || opts.retryCount < 0) {
+                    this.logger.warn(`Invalid retryCount value: ${opts.retryCount}. retryCount must be a non-negative number. Using default: ${this.defaultOptions.retryCount}`);
+                    opts.retryCount = this.defaultOptions.retryCount;
+                }
+            }
+            // Validate retryDelay
+            if (opts.retryDelay !== undefined) {
+                if (typeof opts.retryDelay !== 'number' || opts.retryDelay <= 0) {
+                    this.logger.warn(`Invalid retryDelay value: ${opts.retryDelay}. retryDelay must be a positive number. Using default: ${this.defaultOptions.retryDelay}ms`);
+                    opts.retryDelay = this.defaultOptions.retryDelay;
+                }
+            }
             // Handle backward compatibility: if throwOnFailure is true, use THROW strategy
             if (opts.throwOnFailure && !options.strategy) {
                 opts.strategy = LockStrategy.THROW;
@@ -471,6 +499,8 @@ let RedisLockService = RedisLockService_1 = class RedisLockService {
      *
      * WARNING: Use with caution in production! This will forcefully delete locks.
      *
+     * **Note**: Uses SCAN command to avoid blocking Redis in production.
+     *
      * @param pattern - Lock pattern (e.g., 'MyService:*' or '*:migration:*')
      * @param keyPrefix - Key prefix (default: 'lock')
      * @returns Number of locks deleted
@@ -489,14 +519,28 @@ let RedisLockService = RedisLockService_1 = class RedisLockService {
             const redis = yield this.getRedis();
             const searchPattern = `${keyPrefix}:${pattern}`;
             try {
-                const keys = yield redis.keys(searchPattern);
-                if (keys.length === 0) {
+                let cursor = '0';
+                const allKeys = [];
+                // Use SCAN to iterate through keys without blocking Redis
+                do {
+                    const [nextCursor, keys] = yield redis.scan(cursor, 'MATCH', searchPattern, 'COUNT', 100);
+                    cursor = nextCursor;
+                    allKeys.push(...keys);
+                } while (cursor !== '0');
+                if (allKeys.length === 0) {
                     this.logger.debug(`No locks found matching pattern: ${searchPattern}`);
                     return 0;
                 }
-                const result = yield redis.del(...keys);
-                this.logger.log(`Cleaned up ${result} lock(s) matching pattern: ${searchPattern}`);
-                return result;
+                // Delete keys in batches to avoid blocking Redis
+                let deletedCount = 0;
+                const batchSize = 100;
+                for (let i = 0; i < allKeys.length; i += batchSize) {
+                    const batch = allKeys.slice(i, i + batchSize);
+                    const result = yield redis.del(...batch);
+                    deletedCount += result;
+                }
+                this.logger.log(`Cleaned up ${deletedCount} lock(s) matching pattern: ${searchPattern}`);
+                return deletedCount;
             }
             catch (error) {
                 this.logger.error(`Error cleaning up locks by pattern ${searchPattern}: ${error.message}`, error.stack);
@@ -578,6 +622,8 @@ let RedisLockService = RedisLockService_1 = class RedisLockService {
      * Get all active locks with optional pattern filtering
      * Useful for monitoring and debugging
      *
+     * **Note**: Uses SCAN command to avoid blocking Redis in production.
+     *
      * @param pattern - Optional pattern to filter locks (e.g., 'MyService:*')
      * @param keyPrefix - Key prefix (default: 'lock')
      * @returns Array of active lock information
@@ -587,11 +633,18 @@ let RedisLockService = RedisLockService_1 = class RedisLockService {
             const redis = yield this.getRedis();
             const searchPattern = `${keyPrefix}:${pattern}`;
             try {
-                const keys = yield redis.keys(searchPattern);
-                if (keys.length === 0) {
+                let cursor = '0';
+                const allKeys = [];
+                // Use SCAN to iterate through keys without blocking Redis
+                do {
+                    const [nextCursor, keys] = yield redis.scan(cursor, 'MATCH', searchPattern, 'COUNT', 100);
+                    cursor = nextCursor;
+                    allKeys.push(...keys);
+                } while (cursor !== '0');
+                if (allKeys.length === 0) {
                     return [];
                 }
-                const locks = yield Promise.all(keys.map((key) => __awaiter(this, void 0, void 0, function* () {
+                const locks = yield Promise.all(allKeys.map((key) => __awaiter(this, void 0, void 0, function* () {
                     const [value, ttl] = yield Promise.all([
                         redis.get(key),
                         redis.pttl(key),