@nocobase/plugin-logger 1.8.15 → 1.8.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/externalVersion.js +4 -4
  2. package/dist/node_modules/tar-fs/package.json +1 -1
  3. package/dist/server/resourcer/logger.js +17 -11
  4. package/package.json +2 -2
package/dist/externalVersion.js CHANGED
@@ -8,14 +8,14 @@
8
8
  */
9
9
 
10
10
  module.exports = {
11
- "@nocobase/client": "1.8.15",
11
+ "@nocobase/client": "1.8.17",
12
12
  "react": "18.2.0",
13
13
  "antd": "5.24.2",
14
14
  "@ant-design/icons": "5.6.1",
15
15
  "ahooks": "3.7.8",
16
- "@nocobase/server": "1.8.15",
16
+ "@nocobase/server": "1.8.17",
17
17
  "react-i18next": "11.18.6",
18
- "@nocobase/actions": "1.8.15",
19
- "@nocobase/logger": "1.8.15",
18
+ "@nocobase/actions": "1.8.17",
19
+ "@nocobase/logger": "1.8.17",
20
20
  "lodash": "4.17.21"
21
21
  };
package/dist/node_modules/tar-fs/package.json CHANGED
@@ -1 +1 @@
1
- {"name":"tar-fs","version":"3.0.4","description":"filesystem bindings for tar-stream","dependencies":{"mkdirp-classic":"^0.5.2","pump":"^3.0.0","tar-stream":"^3.1.5"},"files":["index.js"],"standard":{"ignore":["test/fixtures/**"]},"keywords":["tar","fs","file","tarball","directory","stream"],"devDependencies":{"brittle":"^3.1.3","rimraf":"^2.6.3","standard":"^17.0.1"},"scripts":{"test":"standard && brittle test/index.js"},"bugs":{"url":"https://github.com/mafintosh/tar-fs/issues"},"homepage":"https://github.com/mafintosh/tar-fs","main":"index.js","directories":{"test":"test"},"author":"Mathias Buus","license":"MIT","repository":{"type":"git","url":"https://github.com/mafintosh/tar-fs.git"},"_lastModified":"2025-08-11T16:30:57.765Z"}
1
+ {"name":"tar-fs","version":"3.0.4","description":"filesystem bindings for tar-stream","dependencies":{"mkdirp-classic":"^0.5.2","pump":"^3.0.0","tar-stream":"^3.1.5"},"files":["index.js"],"standard":{"ignore":["test/fixtures/**"]},"keywords":["tar","fs","file","tarball","directory","stream"],"devDependencies":{"brittle":"^3.1.3","rimraf":"^2.6.3","standard":"^17.0.1"},"scripts":{"test":"standard && brittle test/index.js"},"bugs":{"url":"https://github.com/mafintosh/tar-fs/issues"},"homepage":"https://github.com/mafintosh/tar-fs","main":"index.js","directories":{"test":"test"},"author":"Mathias Buus","license":"MIT","repository":{"type":"git","url":"https://github.com/mafintosh/tar-fs.git"},"_lastModified":"2025-08-15T14:03:26.104Z"}
package/dist/server/resourcer/logger.js CHANGED
@@ -81,7 +81,7 @@ const getLastestLogs = async (path) => {
81
81
  return prefixes.map(getLatestLog).filter((file) => file);
82
82
  };
83
83
  const tarFiles = (path, files) => {
84
- return new Promise((resolve, reject) => {
84
+ return new Promise((resolve2, reject) => {
85
85
  const passthrough = new import_stream.default.PassThrough();
86
86
  const gz = import_zlib.default.createGzip();
87
87
  (0, import_tar_fs.pack)(path, {
@@ -95,7 +95,7 @@ const tarFiles = (path, files) => {
95
95
  gz.write(chunk);
96
96
  }).on("end", () => {
97
97
  gz.end();
98
- resolve(gz);
98
+ resolve2(gz);
99
99
  }).on("error", (err) => reject(err));
100
100
  gz.on("error", (err) => reject(err));
101
101
  });
@@ -135,20 +135,26 @@ var logger_default = {
135
135
  },
136
136
  download: async (ctx, next) => {
137
137
  const path = (0, import_logger.getLoggerFilePath)(ctx.app.name || "main");
138
- let { files = [] } = ctx.action.params.values || {};
139
- const invalid = files.some((file) => !file.endsWith(".log"));
140
- if (invalid) {
141
- ctx.throw(400, ctx.t("Invalid file type: ") + invalid);
138
+ const { files = [] } = ctx.action.params.values || {};
139
+ if (!files.length) {
140
+ ctx.throw(400, ctx.t("No files selected."));
142
141
  }
143
- files = files.map((file) => {
144
- if (file.startsWith("/")) {
145
- return file.slice(1);
142
+ const safeFiles = files.map((f) => {
143
+ const name = f.startsWith("/") ? f.slice(1) : f;
144
+ const safeName = (0, import_path.normalize)(decodeURIComponent(name));
145
+ if (!safeName.endsWith(".log")) {
146
+ ctx.throw(400, ctx.t("Invalid file type."));
147
+ }
148
+ const fullPath = (0, import_path.resolve)(path, safeName);
149
+ const relativePath = (0, import_path.relative)(path, fullPath);
150
+ if (relativePath.startsWith("..") || (0, import_path.isAbsolute)(relativePath) || relativePath.includes("\0")) {
151
+ ctx.throw(400, ctx.t("Invalid file path."));
146
152
  }
147
- return file;
153
+ return safeName;
148
154
  });
149
155
  try {
150
156
  ctx.attachment("logs.tar.gz");
151
- ctx.body = await tarFiles(path, files);
157
+ ctx.body = await tarFiles(path, safeFiles);
152
158
  } catch (err) {
153
159
  ctx.log.error(`download error: ${err.message}`, { files, err: err.stack });
154
160
  ctx.throw(500, ctx.t("Download logs failed."));
package/package.json CHANGED
@@ -4,7 +4,7 @@
4
4
  "displayName.zh-CN": "日志",
5
5
  "description": "Server-side logs, mainly including API request logs and system runtime logs, and allows to package and download log files.",
6
6
  "description.zh-CN": "服务端日志,主要包括接口请求日志和系统运行日志,并支持打包和下载日志文件。",
7
- "version": "1.8.15",
7
+ "version": "1.8.17",
8
8
  "license": "AGPL-3.0",
9
9
  "main": "dist/server/index.js",
10
10
  "homepage": "https://docs.nocobase.com/handbook/logger",
@@ -19,7 +19,7 @@
19
19
  "@nocobase/server": "1.x",
20
20
  "@nocobase/test": "1.x"
21
21
  },
22
- "gitHead": "6cbf5a6ef2023ebaedce11c60351df858d4832b2",
22
+ "gitHead": "ded4d65224fac2fdef2b69131530061347c5d84d",
23
23
  "keywords": [
24
24
  "Logging and monitoring"
25
25
  ]