@nocobase/server 1.5.0-beta.2 → 1.5.0-beta.20

package/lib/application.d.ts

@@ -15,6 +15,7 @@ import Database, { CollectionOptions, IDatabaseOptions } from '@nocobase/databas
 import { Logger, LoggerOptions, RequestLoggerOptions, SystemLogger, SystemLoggerOptions } from '@nocobase/logger';
 import { ResourceOptions, Resourcer } from '@nocobase/resourcer';
 import { Telemetry, TelemetryOptions } from '@nocobase/telemetry';
+import { LockManager, LockManagerOptions } from '@nocobase/lock-manager';
 import { AsyncEmitter, ToposortOptions } from '@nocobase/utils';
 import { Command, CommandOptions, ParseOptions } from 'commander';
 import { IncomingMessage, ServerResponse } from 'http';
@@ -28,7 +29,10 @@ import { ApplicationVersion } from './helpers/application-version';
 import { Locale } from './locale';
 import { Plugin } from './plugin';
 import { InstallOptions, PluginManager } from './plugin-manager';
-import { SyncManager } from './sync-manager';
+import { PubSubManager, PubSubManagerOptions } from './pub-sub-manager';
+import { SyncMessageManager } from './sync-message-manager';
+import { ServiceContainer } from './service-container';
+import { AuditManager } from './audit-manager';
 export type PluginType = string | typeof Plugin;
 export type PluginConfiguration = PluginType | [PluginType, any];
 export interface ResourceManagerOptions {
@@ -58,6 +62,8 @@ export interface ApplicationOptions {
      */
     resourcer?: ResourceManagerOptions;
     resourceManager?: ResourceManagerOptions;
+    pubSubManager?: PubSubManagerOptions;
+    syncMessageManager?: any;
     bodyParser?: any;
     cors?: any;
     dataWrapping?: boolean;
@@ -72,6 +78,8 @@ export interface ApplicationOptions {
     pmSock?: string;
     name?: string;
     authManager?: AuthManagerOptions;
+    auditManager?: AuditManager;
+    lockManager?: LockManagerOptions;
     /**
      * @internal
      */
@@ -152,7 +160,8 @@ export declare class Application<StateT = DefaultState, ContextT = DefaultContex
     /**
      * @internal
      */
-    syncManager: SyncManager;
+    pubSubManager: PubSubManager;
+    syncMessageManager: SyncMessageManager;
     requestLogger: Logger;
     protected plugins: Map<string, Plugin<any>>;
     protected _appSupervisor: AppSupervisor;
@@ -161,6 +170,8 @@ export declare class Application<StateT = DefaultState, ContextT = DefaultContex
     private _maintainingCommandStatus;
     private _maintainingStatusBeforeCommand;
     private _actionCommand;
+    container: ServiceContainer;
+    lockManager: LockManager;
     constructor(options: ApplicationOptions);
     private static staticCommands;
     static addCommand(callback: (app: Application) => void): void;
@@ -212,6 +223,8 @@ export declare class Application<StateT = DefaultState, ContextT = DefaultContex
     get acl(): import("@nocobase/acl").ACL;
     protected _authManager: AuthManager;
     get authManager(): AuthManager;
+    protected _auditManager: AuditManager;
+    get auditManager(): AuditManager;
     protected _locales: Locale;
     /**
      * This method is deprecated and should not be used.

package/lib/application.js

@@ -49,6 +49,7 @@ var import_data_source_manager = require("@nocobase/data-source-manager");
 var import_database = __toESM(require("@nocobase/database"));
 var import_logger = require("@nocobase/logger");
 var import_telemetry = require("@nocobase/telemetry");
+var import_lock_manager = require("@nocobase/lock-manager");
 var import_utils = require("@nocobase/utils");
 var import_crypto = require("crypto");
 var import_glob = __toESM(require("glob"));
@@ -72,8 +73,12 @@ var import_middlewares = require("./middlewares");
 var import_data_template = require("./middlewares/data-template");
 var import_validate_filter_params = __toESM(require("./middlewares/validate-filter-params"));
 var import_plugin_manager = require("./plugin-manager");
-var import_sync_manager = require("./sync-manager");
+var import_pub_sub_manager = require("./pub-sub-manager");
+var import_sync_message_manager = require("./sync-message-manager");
 var import_package = __toESM(require("../package.json"));
+var import_service_container = require("./service-container");
+var import_available_action = require("./acl/available-action");
+var import_audit_manager = require("./audit-manager");
 const _Application = class _Application extends import_koa.default {
   constructor(options) {
     super();
@@ -112,7 +117,8 @@ const _Application = class _Application extends import_koa.default {
   /**
    * @internal
    */
-  syncManager;
+  pubSubManager;
+  syncMessageManager;
   requestLogger;
   plugins = /* @__PURE__ */ new Map();
   _appSupervisor = import_app_supervisor.AppSupervisor.getInstance();
@@ -121,6 +127,8 @@ const _Application = class _Application extends import_koa.default {
   _maintainingCommandStatus;
   _maintainingStatusBeforeCommand;
   _actionCommand;
+  container = new import_service_container.ServiceContainer();
+  lockManager;
   static addCommand(callback) {
     this.staticCommands.push(callback);
   }
@@ -214,6 +222,10 @@ const _Application = class _Application extends import_koa.default {
   get authManager() {
     return this._authManager;
   }
+  _auditManager;
+  get auditManager() {
+    return this._auditManager;
+  }
   _locales;
   /**
    * This method is deprecated and should not be used.
@@ -346,6 +358,9 @@ const _Application = class _Application extends import_koa.default {
     if (this.cacheManager) {
       await this.cacheManager.close();
     }
+    if (this.pubSubManager) {
+      await this.pubSubManager.close();
+    }
     if (this.telemetry.started) {
       await this.telemetry.shutdown();
     }
@@ -820,7 +835,12 @@ const _Application = class _Application extends import_koa.default {
     this._cronJobManager = new import_cron_job_manager.CronJobManager(this);
     this._cli = this.createCLI();
     this._i18n = (0, import_helper.createI18n)(options);
-    this.syncManager = new import_sync_manager.SyncManager(this);
+    this.pubSubManager = (0, import_pub_sub_manager.createPubSubManager)(this, options.pubSubManager);
+    this.syncMessageManager = new import_sync_message_manager.SyncMessageManager(this, options.syncMessageManager);
+    this.lockManager = new import_lock_manager.LockManager({
+      defaultAdapter: process.env.LOCK_ADAPTER_DEFAULT,
+      ...options.lockManager
+    });
     this.context.db = this.db;
     this.context.resourcer = this.resourceManager;
     this.context.resourceManager = this.resourceManager;
@@ -841,10 +861,18 @@ const _Application = class _Application extends import_koa.default {
       default: "basic",
       ...this.options.authManager || {}
     });
+    this._auditManager = new import_audit_manager.AuditManager();
     this.resourceManager.define({
       name: "auth",
       actions: import_auth.actions
     });
+    this._dataSourceManager.afterAddDataSource((dataSource) => {
+      if (dataSource.collectionManager instanceof import_data_source_manager.SequelizeCollectionManager) {
+        for (const [actionName, actionParams] of Object.entries(import_available_action.availableActions)) {
+          dataSource.acl.setAvailableAction(actionName, actionParams);
+        }
+      }
+    });
     this._dataSourceManager.use(this._authManager.middleware(), { tag: "auth" });
     this._dataSourceManager.use(import_validate_filter_params.default, { tag: "validate-filter-params", before: ["auth"] });
     this._dataSourceManager.use(import_middlewares.parseVariables, {

package/lib/audit-manager/index.d.ts

@@ -0,0 +1,115 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+import { Context } from '@nocobase/actions';
+export interface AuditLog {
+    uuid: string;
+    dataSource: string;
+    resource: string;
+    action: string;
+    sourceCollection?: string;
+    sourceRecordUK?: string;
+    targetCollection?: string;
+    targetRecordUK?: string;
+    userId: string;
+    roleName: string;
+    ip: string;
+    ua: string;
+    status: number;
+    metadata?: Record<string, any>;
+}
+export interface UserInfo {
+    userId?: string;
+    roleName?: string;
+}
+export interface SourceAndTarget {
+    sourceCollection?: string;
+    sourceRecordUK?: string;
+    targetCollection?: string;
+    targetRecordUK?: string;
+}
+export interface AuditLogger {
+    log(auditLog: AuditLog): Promise<void>;
+}
+type Action = string | {
+    name: string;
+    getMetaData?: (ctx: Context) => Promise<Record<string, any>>;
+    getUserInfo?: (ctx: Context) => Promise<UserInfo>;
+    getSourceAndTarget?: (ctx: Context) => Promise<SourceAndTarget>;
+};
+export declare class AuditManager {
+    logger: AuditLogger;
+    resources: Map<string, Map<string, Action>>;
+    constructor();
+    setLogger(logger: AuditLogger): void;
+    /**
+     * 注册需要参与审计的资源和操作，支持几种写法
+     *
+     * 对所有资源生效；
+     * registerActions(['create'])
+     *
+     * 对某个资源的所有操作生效 resource:*
+     * registerActions(['app:*'])
+     *
+     * 对某个资源的某个操作生效 resouce:action
+     * registerAction(['pm:update'])
+     *
+     * 支持传getMetaData方法
+     *
+     * registerActions([
+     *  'create',
+     *  { name: 'auth:signIn', getMetaData}
+     * ])
+     *
+     * 支持传getUserInfo方法
+     *
+     * registerActions([
+     * 'create',
+     * { name: 'auth:signIn', getUserInfo }
+     * ])
+     *
+     * 当注册的接口有重叠时，颗粒度细的注册方法优先级更高
+     *
+     * Action1: registerActions(['create']);
+     *
+     * Action2: registerAction([{ name: 'user:*', getMetaData }]);
+     *
+     * Action3: registerAction([{ name: 'user:create', getMetaData }]);
+     *
+     * 对于user:create接口，以上优先级顺序是 Action3 > Action2 > Action1
+     *
+     * @param actions 操作列表
+     */
+    registerActions(actions: Action[]): void;
+    /**
+     * 注册单个操作，支持的用法同registerActions
+     * @param action 操作
+     */
+    registerAction(action: Action): void;
+    getAction(action: string, resource?: string): Action;
+    getDefaultMetaData(ctx: any): Promise<{
+        request: {
+            params: any;
+            query: any;
+            body: any;
+            path: any;
+            headers: {
+                'x-authenticator': any;
+                'x-locale': any;
+                'x-timezone': any;
+            };
+        };
+        response: {
+            body: any;
+        };
+    }>;
+    formatAuditData(ctx: Context): AuditLog;
+    output(ctx: any, reqId: any, metadata?: Record<string, any>): Promise<void>;
+    middleware(): (ctx: any, next: any) => Promise<void>;
+}
+export {};

package/lib/audit-manager/index.js

@@ -0,0 +1,330 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var audit_manager_exports = {};
+__export(audit_manager_exports, {
+  AuditManager: () => AuditManager
+});
+module.exports = __toCommonJS(audit_manager_exports);
+var import_stream = __toESM(require("stream"));
+function isStream(obj) {
+  return obj instanceof import_stream.default.Readable || obj instanceof import_stream.default.Writable || obj instanceof import_stream.default.Duplex || obj instanceof import_stream.default.Transform;
+}
+__name(isStream, "isStream");
+const _AuditManager = class _AuditManager {
+  logger;
+  resources;
+  constructor() {
+    this.resources = /* @__PURE__ */ new Map();
+  }
+  setLogger(logger) {
+    this.logger = logger;
+  }
+  /**
+   * 注册需要参与审计的资源和操作，支持几种写法
+   *
+   * 对所有资源生效；
+   * registerActions(['create'])
+   *
+   * 对某个资源的所有操作生效 resource:*
+   * registerActions(['app:*'])
+   *
+   * 对某个资源的某个操作生效 resouce:action
+   * registerAction(['pm:update'])
+   *
+   * 支持传getMetaData方法
+   *
+   * registerActions([
+   *  'create',
+   *  { name: 'auth:signIn', getMetaData}
+   * ])
+   *
+   * 支持传getUserInfo方法
+   *
+   * registerActions([
+   * 'create',
+   * { name: 'auth:signIn', getUserInfo }
+   * ])
+   *
+   * 当注册的接口有重叠时，颗粒度细的注册方法优先级更高
+   *
+   * Action1: registerActions(['create']);
+   *
+   * Action2: registerAction([{ name: 'user:*', getMetaData }]);
+   *
+   * Action3: registerAction([{ name: 'user:create', getMetaData }]);
+   *
+   * 对于user:create接口，以上优先级顺序是 Action3 > Action2 > Action1
+   *
+   * @param actions 操作列表
+   */
+  registerActions(actions) {
+    actions.forEach((action) => {
+      this.registerAction(action);
+    });
+  }
+  /**
+   * 注册单个操作，支持的用法同registerActions
+   * @param action 操作
+   */
+  registerAction(action) {
+    let originAction = "";
+    let getMetaData = null;
+    let getUserInfo = null;
+    let getSourceAndTarget = null;
+    if (typeof action === "string") {
+      originAction = action;
+    } else {
+      originAction = action.name;
+      getMetaData = action.getMetaData;
+      getUserInfo = action.getUserInfo;
+      getSourceAndTarget = action.getSourceAndTarget;
+    }
+    const nameRegex = /^[a-zA-Z0-9_-]+$/;
+    const resourceWildcardRegex = /^([a-zA-Z0-9_-]+):\*$/;
+    const resourceAndActionRegex = /^([a-zA-Z0-9_-]+):([a-zA-Z0-9_-]+)$/;
+    let resourceName = "";
+    let actionName = "";
+    if (nameRegex.test(originAction)) {
+      actionName = originAction;
+      resourceName = "__default__";
+    }
+    if (resourceWildcardRegex.test(originAction)) {
+      const match = originAction.match(resourceWildcardRegex);
+      resourceName = match[1];
+      actionName = "__default__";
+    }
+    if (resourceAndActionRegex.test(originAction)) {
+      const match = originAction.match(resourceAndActionRegex);
+      resourceName = match[1];
+      actionName = match[2];
+    }
+    if (!resourceName && !actionName) {
+      return;
+    }
+    let resource = this.resources.get(resourceName);
+    if (!resource) {
+      resource = /* @__PURE__ */ new Map();
+      this.resources.set(resourceName, resource);
+    }
+    const saveAction = {
+      name: originAction
+    };
+    if (getMetaData) {
+      saveAction.getMetaData = getMetaData;
+    }
+    if (getUserInfo) {
+      saveAction.getUserInfo = getUserInfo;
+    }
+    if (getSourceAndTarget) {
+      saveAction.getSourceAndTarget = getSourceAndTarget;
+    }
+    resource.set(actionName, saveAction);
+  }
+  getAction(action, resource) {
+    let resourceName = resource;
+    if (!resource) {
+      resourceName = "__default__";
+    }
+    if (resourceName === "__default__") {
+      const resourceActions = this.resources.get(resourceName);
+      if (resourceActions) {
+        const resourceAction = resourceActions.get(action);
+        if (resourceAction) {
+          return resourceAction;
+        }
+      }
+    } else {
+      const resourceActions = this.resources.get(resourceName);
+      if (resourceActions) {
+        let resourceAction = resourceActions.get(action);
+        if (resourceAction) {
+          return resourceAction;
+        } else {
+          resourceAction = resourceActions.get("__default__");
+          if (resourceAction) {
+            return resourceAction;
+          } else {
+            const defaultResourceActions = this.resources.get("__default__");
+            if (defaultResourceActions) {
+              const defaultResourceAction = defaultResourceActions.get(action);
+              if (defaultResourceAction) {
+                return defaultResourceAction;
+              }
+            }
+          }
+        }
+      } else {
+        const resourceActions2 = this.resources.get("__default__");
+        if (resourceActions2) {
+          const resourceAction = resourceActions2.get(action);
+          if (resourceAction) {
+            return resourceAction;
+          }
+        }
+      }
+    }
+    return null;
+  }
+  async getDefaultMetaData(ctx) {
+    var _a, _b, _c;
+    let body = null;
+    if (ctx.body) {
+      if (!Buffer.isBuffer(ctx.body) && !isStream(ctx.body)) {
+        body = ctx.body;
+      }
+    }
+    return {
+      request: {
+        params: ctx.request.params,
+        query: ctx.request.query,
+        body: ctx.request.body,
+        path: ctx.request.path,
+        headers: {
+          "x-authenticator": (_a = ctx.request) == null ? void 0 : _a.headers["x-authenticator"],
+          "x-locale": (_b = ctx.request) == null ? void 0 : _b.headers["x-locale"],
+          "x-timezone": (_c = ctx.request) == null ? void 0 : _c.headers["x-timezone"]
+        }
+      },
+      response: {
+        body
+      }
+    };
+  }
+  formatAuditData(ctx) {
+    var _a, _b, _c;
+    const { resourceName } = ctx.action;
+    const ipvalues = ctx.request.header["x-forwarded-for"];
+    let ipvalue = "";
+    if (ipvalues instanceof Array) {
+      ipvalue = ipvalues[0];
+    } else {
+      ipvalue = ipvalues;
+    }
+    const ips = ipvalue ? ipvalue == null ? void 0 : ipvalue.split(/\s*,\s*/) : [];
+    const auditLog = {
+      uuid: ctx.reqId,
+      dataSource: ctx.request.header["x-data-source"] || "main",
+      resource: resourceName,
+      action: ctx.action.actionName,
+      userId: (_b = (_a = ctx.state) == null ? void 0 : _a.currentUser) == null ? void 0 : _b.id,
+      roleName: (_c = ctx.state) == null ? void 0 : _c.currentRole,
+      ip: ips.length > 0 ? ips[0] : ctx.request.ip,
+      ua: ctx.request.header["user-agent"],
+      status: ctx.response.status
+    };
+    return auditLog;
+  }
+  async output(ctx, reqId, metadata) {
+    var _a;
+    try {
+      const { resourceName, actionName } = ctx.action;
+      const action = this.getAction(actionName, resourceName);
+      if (!action) {
+        return;
+      }
+      const auditLog = this.formatAuditData(ctx);
+      auditLog.uuid = reqId;
+      auditLog.status = ctx.status;
+      const defaultMetaData = await this.getDefaultMetaData(ctx);
+      auditLog.metadata = { ...metadata, ...defaultMetaData };
+      if (typeof action !== "string") {
+        if (action.getUserInfo) {
+          const userInfo = await action.getUserInfo(ctx);
+          if (userInfo) {
+            if (userInfo.userId) {
+              auditLog.userId = userInfo.userId;
+            }
+            if (userInfo.roleName) {
+              auditLog.roleName = userInfo.roleName;
+            }
+          }
+        }
+        if (action.getMetaData) {
+          const extra = await action.getMetaData(ctx);
+          if (extra) {
+            if (extra.request) {
+              auditLog.metadata.request = { ...auditLog.metadata.request, ...extra.request };
+            }
+            if (extra.response) {
+              auditLog.metadata.response = { ...auditLog.metadata.response, ...extra.response };
+            }
+            auditLog.metadata = { ...extra, ...auditLog.metadata };
+          }
+        }
+        if (action.getSourceAndTarget) {
+          const sourceAndTarget = await action.getSourceAndTarget(ctx);
+          if (sourceAndTarget) {
+            auditLog.sourceCollection = sourceAndTarget.sourceCollection;
+            auditLog.sourceRecordUK = sourceAndTarget.sourceRecordUK;
+            auditLog.targetCollection = sourceAndTarget.targetCollection;
+            auditLog.targetRecordUK = sourceAndTarget.targetRecordUK;
+          }
+        }
+      }
+      this.logger.log(auditLog);
+    } catch (err) {
+      (_a = ctx.log) == null ? void 0 : _a.error(err);
+    }
+  }
+  // 中间件
+  middleware() {
+    return async (ctx, next) => {
+      const reqId = ctx.reqId;
+      let metadata = {};
+      try {
+        await next();
+      } catch (err) {
+        metadata = {
+          status: ctx.status,
+          errMsg: err.message
+        };
+        throw err;
+      } finally {
+        if (this.logger) {
+          this.output(ctx, reqId, metadata);
+        }
+      }
+    };
+  }
+};
+__name(_AuditManager, "AuditManager");
+let AuditManager = _AuditManager;
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AuditManager
+});