@nocobase/server 1.6.0-alpha.17 → 1.6.0-alpha.18

package/lib/aes-encryptor.d.ts

@@ -0,0 +1,20 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+/// <reference types="node" />
+import Application from './application';
+export declare class AesEncryptor {
+    private key;
+    constructor(key: Buffer);
+    encrypt(text: string): Promise<string>;
+    decrypt(encryptedText: string): Promise<string>;
+    static getOrGenerateKey(keyFilePath: string): Promise<Buffer>;
+    static getKeyPath(appName: string): Promise<string>;
+    static create(app: Application): Promise<AesEncryptor>;
+}
+export default AesEncryptor;

package/lib/aes-encryptor.js

@@ -0,0 +1,126 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var aes_encryptor_exports = {};
+__export(aes_encryptor_exports, {
+  AesEncryptor: () => AesEncryptor,
+  default: () => aes_encryptor_default
+});
+module.exports = __toCommonJS(aes_encryptor_exports);
+var import_crypto = __toESM(require("crypto"));
+var import_fs_extra = __toESM(require("fs-extra"));
+var import_path = __toESM(require("path"));
+const _AesEncryptor = class _AesEncryptor {
+  key;
+  constructor(key) {
+    if (key.length !== 32) {
+      throw new Error("Key must be 32 bytes for AES-256 encryption.");
+    }
+    this.key = key;
+  }
+  async encrypt(text) {
+    return new Promise((resolve, reject) => {
+      try {
+        const iv = import_crypto.default.randomBytes(16);
+        const cipher = import_crypto.default.createCipheriv("aes-256-cbc", this.key, iv);
+        const encrypted = Buffer.concat([cipher.update(Buffer.from(text, "utf8")), cipher.final()]);
+        resolve(iv.toString("hex") + encrypted.toString("hex"));
+      } catch (error) {
+        reject(error);
+      }
+    });
+  }
+  async decrypt(encryptedText) {
+    return new Promise((resolve, reject) => {
+      try {
+        const iv = Buffer.from(encryptedText.slice(0, 32), "hex");
+        const encrypted = Buffer.from(encryptedText.slice(32), "hex");
+        const decipher = import_crypto.default.createDecipheriv("aes-256-cbc", this.key, iv);
+        const decrypted = Buffer.concat([decipher.update(encrypted), decipher.final()]);
+        resolve(decrypted.toString("utf8"));
+      } catch (error) {
+        reject(error);
+      }
+    });
+  }
+  static async getOrGenerateKey(keyFilePath) {
+    try {
+      const key = await import_fs_extra.default.readFile(keyFilePath);
+      if (key.length !== 32) {
+        throw new Error("Invalid key length in file.");
+      }
+      return key;
+    } catch (error) {
+      if (error.code === "ENOENT") {
+        const key = import_crypto.default.randomBytes(32);
+        await import_fs_extra.default.mkdir(import_path.default.dirname(keyFilePath), { recursive: true });
+        await import_fs_extra.default.writeFile(keyFilePath, key);
+        return key;
+      } else {
+        throw new Error(`Failed to load key: ${error.message}`);
+      }
+    }
+  }
+  static async getKeyPath(appName) {
+    const appKeyPath = import_path.default.resolve(process.cwd(), "storage", "apps", appName, "aes_key.dat");
+    const appKeyExists = await import_fs_extra.default.exists(appKeyPath);
+    if (appKeyExists) {
+      return appKeyPath;
+    }
+    const envKeyPath = import_path.default.resolve(process.cwd(), "storage", "environment-variables", appName, "aes_key.dat");
+    const envKeyExists = await import_fs_extra.default.exists(envKeyPath);
+    if (envKeyExists) {
+      return envKeyPath;
+    }
+    return appKeyPath;
+  }
+  static async create(app) {
+    let key = process.env.APP_AES_SECRET_KEY;
+    if (!key) {
+      const keyPath = await this.getKeyPath(app.name);
+      key = await _AesEncryptor.getOrGenerateKey(keyPath);
+    }
+    return new _AesEncryptor(key);
+  }
+};
+__name(_AesEncryptor, "AesEncryptor");
+let AesEncryptor = _AesEncryptor;
+var aes_encryptor_default = AesEncryptor;
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AesEncryptor
+});

package/lib/application.d.ts

@@ -31,9 +31,10 @@ import { Plugin } from './plugin';
 import { InstallOptions, PluginManager } from './plugin-manager';
 import { PubSubManager, PubSubManagerOptions } from './pub-sub-manager';
 import { SyncMessageManager } from './sync-message-manager';
-import { ServiceContainer } from './service-container';
+import AesEncryptor from './aes-encryptor';
 import { AuditManager } from './audit-manager';
 import { Environment } from './environment';
+import { ServiceContainer } from './service-container';
 export type PluginType = string | typeof Plugin;
 export type PluginConfiguration = PluginType | [PluginType, any];
 export interface ResourceManagerOptions {
@@ -243,6 +244,8 @@ export declare class Application<StateT = DefaultState, ContextT = DefaultContex
     get name(): string;
     protected _dataSourceManager: DataSourceManager;
     get dataSourceManager(): DataSourceManager;
+    protected _aesEncryptor: AesEncryptor;
+    get aesEncryptor(): AesEncryptor;
     /**
      * @internal
      */

package/lib/application.js

@@ -76,10 +76,11 @@ var import_plugin_manager = require("./plugin-manager");
 var import_pub_sub_manager = require("./pub-sub-manager");
 var import_sync_message_manager = require("./sync-message-manager");
 var import_package = __toESM(require("../package.json"));
-var import_service_container = require("./service-container");
 var import_available_action = require("./acl/available-action");
+var import_aes_encryptor = __toESM(require("./aes-encryptor"));
 var import_audit_manager = require("./audit-manager");
 var import_environment = require("./environment");
+var import_service_container = require("./service-container");
 const _Application = class _Application extends import_koa.default {
   constructor(options) {
     super();
@@ -258,6 +259,10 @@ const _Application = class _Application extends import_koa.default {
   get dataSourceManager() {
     return this._dataSourceManager;
   }
+  _aesEncryptor;
+  get aesEncryptor() {
+    return this._aesEncryptor;
+  }
   /**
    * @internal
    */
@@ -404,6 +409,7 @@ const _Application = class _Application extends import_koa.default {
         await oldDb.close();
       }
     }
+    this._aesEncryptor = await import_aes_encryptor.default.create(this);
     if (this.cacheManager) {
       await this.cacheManager.close();
     }

package/lib/gateway/index.js

@@ -66,6 +66,14 @@ var import_ws_server = require("./ws-server");
 var import_node_worker_threads = require("node:worker_threads");
 var import_node_process = __toESM(require("node:process"));
 const compress = (0, import_node_util.promisify)((0, import_compression.default)());
+function getSocketPath() {
+  const { SOCKET_PATH } = import_node_process.default.env;
+  if ((0, import_path.isAbsolute)(SOCKET_PATH)) {
+    return SOCKET_PATH;
+  }
+  return (0, import_path.resolve)(import_node_process.default.cwd(), SOCKET_PATH);
+}
+__name(getSocketPath, "getSocketPath");
 const _Gateway = class _Gateway extends import_events.EventEmitter {
   /**
    * use main app as default app to handle request
@@ -81,9 +89,7 @@ const _Gateway = class _Gateway extends import_events.EventEmitter {
   constructor() {
     super();
     this.reset();
-    if (import_node_process.default.env.SOCKET_PATH) {
-      this.socketPath = (0, import_path.resolve)(import_node_process.default.cwd(), import_node_process.default.env.SOCKET_PATH);
-    }
+    this.socketPath = getSocketPath();
   }
   static getInstance(options = {}) {
     if (!_Gateway.instance) {
@@ -92,7 +98,7 @@ const _Gateway = class _Gateway extends import_events.EventEmitter {
     return _Gateway.instance;
   }
   static async getIPCSocketClient() {
-    const socketPath = (0, import_path.resolve)(import_node_process.default.cwd(), import_node_process.default.env.SOCKET_PATH || "storage/gateway.sock");
+    const socketPath = getSocketPath();
     try {
       return await import_ipc_socket_client.IPCSocketClient.getConnection(socketPath);
     } catch (error) {

package/lib/helper.js

@@ -56,6 +56,7 @@ var import_i18next = __toESM(require("i18next"));
 var import_koa_bodyparser = __toESM(require("koa-bodyparser"));
 var import_perf_hooks = require("perf_hooks");
 var import_data_wrapping = require("./middlewares/data-wrapping");
+var import_extract_client_ip = require("./middlewares/extract-client-ip");
 var import_i18n = require("./middlewares/i18n");
 function createI18n(options) {
   const instance = import_i18next.default.createInstance();
@@ -121,6 +122,7 @@ function registerMiddlewares(app, options) {
     app.use((0, import_data_wrapping.dataWrapping)(), { tag: "dataWrapping", after: "cors" });
   }
   app.use(app.dataSourceManager.middleware(), { tag: "dataSource", after: "dataWrapping" });
+  app.use((0, import_extract_client_ip.extractClientIp)(), { tag: "extractClientIp", before: "cors" });
 }
 __name(registerMiddlewares, "registerMiddlewares");
 const createAppProxy = /* @__PURE__ */ __name((app) => {

package/lib/index.d.ts

@@ -6,15 +6,16 @@
  * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
  * For more information, please refer to: https://www.nocobase.com/agreement.
  */
+export * from './aes-encryptor';
 export * from './app-supervisor';
 export * from './application';
 export { Application as default } from './application';
+export * from './audit-manager';
 export * from './gateway';
 export * as middlewares from './middlewares';
 export * from './migration';
 export * from './plugin';
 export * from './plugin-manager';
-export * from './audit-manager';
 export * from './pub-sub-manager';
 export declare const OFFICIAL_PLUGIN_PREFIX = "@nocobase/plugin-";
 export { appendToBuiltInPlugins, findAllPlugins, findBuiltInPlugins, findLocalPlugins, packageNameTrim, } from './plugin-manager/findPackageNames';

package/lib/index.js

@@ -48,15 +48,16 @@ __export(src_exports, {
   runPluginStaticImports: () => import_run_plugin_static_imports.runPluginStaticImports
 });
 module.exports = __toCommonJS(src_exports);
+__reExport(src_exports, require("./aes-encryptor"), module.exports);
 __reExport(src_exports, require("./app-supervisor"), module.exports);
 __reExport(src_exports, require("./application"), module.exports);
 var import_application = require("./application");
+__reExport(src_exports, require("./audit-manager"), module.exports);
 __reExport(src_exports, require("./gateway"), module.exports);
 var middlewares = __toESM(require("./middlewares"));
 __reExport(src_exports, require("./migration"), module.exports);
 __reExport(src_exports, require("./plugin"), module.exports);
 __reExport(src_exports, require("./plugin-manager"), module.exports);
-__reExport(src_exports, require("./audit-manager"), module.exports);
 __reExport(src_exports, require("./pub-sub-manager"), module.exports);
 var import_findPackageNames = require("./plugin-manager/findPackageNames");
 var import_run_plugin_static_imports = require("./run-plugin-static-imports");
@@ -71,12 +72,13 @@ const OFFICIAL_PLUGIN_PREFIX = "@nocobase/plugin-";
   middlewares,
   packageNameTrim,
   runPluginStaticImports,
+  ...require("./aes-encryptor"),
   ...require("./app-supervisor"),
   ...require("./application"),
+  ...require("./audit-manager"),
   ...require("./gateway"),
   ...require("./migration"),
   ...require("./plugin"),
   ...require("./plugin-manager"),
-  ...require("./audit-manager"),
   ...require("./pub-sub-manager")
 });

package/lib/middlewares/extract-client-ip.d.ts

@@ -0,0 +1,10 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+import { Context, Next } from '@nocobase/actions';
+export declare function extractClientIp(): (ctx: Context, next: Next) => Promise<void>;

package/lib/middlewares/extract-client-ip.js

@@ -0,0 +1,46 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var extract_client_ip_exports = {};
+__export(extract_client_ip_exports, {
+  extractClientIp: () => extractClientIp
+});
+module.exports = __toCommonJS(extract_client_ip_exports);
+function extractClientIp() {
+  return /* @__PURE__ */ __name(async function extractClientIp2(ctx, next) {
+    const forwardedFor = ctx.get("X-Forwarded-For");
+    const ipArray = forwardedFor ? forwardedFor.split(",") : [];
+    const clientIp = ipArray.length > 0 ? ipArray[0].trim() : ctx.request.ip;
+    ctx.state.clientIp = clientIp;
+    await next();
+  }, "extractClientIp");
+}
+__name(extractClientIp, "extractClientIp");
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  extractClientIp
+});

package/lib/middlewares/index.d.ts

@@ -7,4 +7,5 @@
  * For more information, please refer to: https://www.nocobase.com/agreement.
  */
 export * from './data-wrapping';
+export * from './extract-client-ip';
 export { parseVariables } from './parse-variables';

package/lib/middlewares/index.js

@@ -31,9 +31,11 @@ __export(middlewares_exports, {
 });
 module.exports = __toCommonJS(middlewares_exports);
 __reExport(middlewares_exports, require("./data-wrapping"), module.exports);
+__reExport(middlewares_exports, require("./extract-client-ip"), module.exports);
 var import_parse_variables = require("./parse-variables");
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   parseVariables,
-  ...require("./data-wrapping")
+  ...require("./data-wrapping"),
+  ...require("./extract-client-ip")
 });

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@nocobase/server",
-    "version": "1.6.0-alpha.17",
+    "version": "1.6.0-alpha.18",
     "main": "lib/index.js",
     "types": "./lib/index.d.ts",
     "license": "AGPL-3.0",
@@ -10,19 +10,19 @@
         "@koa/cors": "^3.1.0",
         "@koa/multer": "^3.0.2",
         "@koa/router": "^9.4.0",
-        "@nocobase/acl": "1.6.0-alpha.17",
-        "@nocobase/actions": "1.6.0-alpha.17",
-        "@nocobase/auth": "1.6.0-alpha.17",
-        "@nocobase/cache": "1.6.0-alpha.17",
-        "@nocobase/data-source-manager": "1.6.0-alpha.17",
-        "@nocobase/database": "1.6.0-alpha.17",
-        "@nocobase/evaluators": "1.6.0-alpha.17",
-        "@nocobase/lock-manager": "1.6.0-alpha.17",
-        "@nocobase/logger": "1.6.0-alpha.17",
-        "@nocobase/resourcer": "1.6.0-alpha.17",
-        "@nocobase/sdk": "1.6.0-alpha.17",
-        "@nocobase/telemetry": "1.6.0-alpha.17",
-        "@nocobase/utils": "1.6.0-alpha.17",
+        "@nocobase/acl": "1.6.0-alpha.18",
+        "@nocobase/actions": "1.6.0-alpha.18",
+        "@nocobase/auth": "1.6.0-alpha.18",
+        "@nocobase/cache": "1.6.0-alpha.18",
+        "@nocobase/data-source-manager": "1.6.0-alpha.18",
+        "@nocobase/database": "1.6.0-alpha.18",
+        "@nocobase/evaluators": "1.6.0-alpha.18",
+        "@nocobase/lock-manager": "1.6.0-alpha.18",
+        "@nocobase/logger": "1.6.0-alpha.18",
+        "@nocobase/resourcer": "1.6.0-alpha.18",
+        "@nocobase/sdk": "1.6.0-alpha.18",
+        "@nocobase/telemetry": "1.6.0-alpha.18",
+        "@nocobase/utils": "1.6.0-alpha.18",
         "@types/decompress": "4.2.7",
         "@types/ini": "^1.3.31",
         "@types/koa-send": "^4.1.3",
@@ -56,5 +56,5 @@
         "@types/serve-handler": "^6.1.1",
         "@types/ws": "^8.5.5"
     },
-    "gitHead": "7212bf5f8f59bc3fcfa1e62387c60665112310fb"
+    "gitHead": "db361bebe9ed4a5ca19fc14183fe4576443568ef"
 }