@nocobase/server 1.6.0-alpha.2 → 1.6.0-alpha.21

package/lib/aes-encryptor.d.ts

@@ -0,0 +1,20 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+/// <reference types="node" />
+import Application from './application';
+export declare class AesEncryptor {
+    private key;
+    constructor(key: Buffer);
+    encrypt(text: string): Promise<string>;
+    decrypt(encryptedText: string): Promise<string>;
+    static getOrGenerateKey(keyFilePath: string): Promise<Buffer>;
+    static getKeyPath(appName: string): Promise<string>;
+    static create(app: Application): Promise<AesEncryptor>;
+}
+export default AesEncryptor;

package/lib/aes-encryptor.js

@@ -0,0 +1,126 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var aes_encryptor_exports = {};
+__export(aes_encryptor_exports, {
+  AesEncryptor: () => AesEncryptor,
+  default: () => aes_encryptor_default
+});
+module.exports = __toCommonJS(aes_encryptor_exports);
+var import_crypto = __toESM(require("crypto"));
+var import_fs_extra = __toESM(require("fs-extra"));
+var import_path = __toESM(require("path"));
+const _AesEncryptor = class _AesEncryptor {
+  key;
+  constructor(key) {
+    if (key.length !== 32) {
+      throw new Error("Key must be 32 bytes for AES-256 encryption.");
+    }
+    this.key = key;
+  }
+  async encrypt(text) {
+    return new Promise((resolve, reject) => {
+      try {
+        const iv = import_crypto.default.randomBytes(16);
+        const cipher = import_crypto.default.createCipheriv("aes-256-cbc", this.key, iv);
+        const encrypted = Buffer.concat([cipher.update(Buffer.from(text, "utf8")), cipher.final()]);
+        resolve(iv.toString("hex") + encrypted.toString("hex"));
+      } catch (error) {
+        reject(error);
+      }
+    });
+  }
+  async decrypt(encryptedText) {
+    return new Promise((resolve, reject) => {
+      try {
+        const iv = Buffer.from(encryptedText.slice(0, 32), "hex");
+        const encrypted = Buffer.from(encryptedText.slice(32), "hex");
+        const decipher = import_crypto.default.createDecipheriv("aes-256-cbc", this.key, iv);
+        const decrypted = Buffer.concat([decipher.update(encrypted), decipher.final()]);
+        resolve(decrypted.toString("utf8"));
+      } catch (error) {
+        reject(error);
+      }
+    });
+  }
+  static async getOrGenerateKey(keyFilePath) {
+    try {
+      const key = await import_fs_extra.default.readFile(keyFilePath);
+      if (key.length !== 32) {
+        throw new Error("Invalid key length in file.");
+      }
+      return key;
+    } catch (error) {
+      if (error.code === "ENOENT") {
+        const key = import_crypto.default.randomBytes(32);
+        await import_fs_extra.default.mkdir(import_path.default.dirname(keyFilePath), { recursive: true });
+        await import_fs_extra.default.writeFile(keyFilePath, key);
+        return key;
+      } else {
+        throw new Error(`Failed to load key: ${error.message}`);
+      }
+    }
+  }
+  static async getKeyPath(appName) {
+    const appKeyPath = import_path.default.resolve(process.cwd(), "storage", "apps", appName, "aes_key.dat");
+    const appKeyExists = await import_fs_extra.default.exists(appKeyPath);
+    if (appKeyExists) {
+      return appKeyPath;
+    }
+    const envKeyPath = import_path.default.resolve(process.cwd(), "storage", "environment-variables", appName, "aes_key.dat");
+    const envKeyExists = await import_fs_extra.default.exists(envKeyPath);
+    if (envKeyExists) {
+      return envKeyPath;
+    }
+    return appKeyPath;
+  }
+  static async create(app) {
+    let key = process.env.APP_AES_SECRET_KEY;
+    if (!key) {
+      const keyPath = await this.getKeyPath(app.name);
+      key = await _AesEncryptor.getOrGenerateKey(keyPath);
+    }
+    return new _AesEncryptor(key);
+  }
+};
+__name(_AesEncryptor, "AesEncryptor");
+let AesEncryptor = _AesEncryptor;
+var aes_encryptor_default = AesEncryptor;
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AesEncryptor
+});

package/lib/application.d.ts

@@ -15,8 +15,8 @@ import Database, { CollectionOptions, IDatabaseOptions } from '@nocobase/databas
 import { Logger, LoggerOptions, RequestLoggerOptions, SystemLogger, SystemLoggerOptions } from '@nocobase/logger';
 import { ResourceOptions, Resourcer } from '@nocobase/resourcer';
 import { Telemetry, TelemetryOptions } from '@nocobase/telemetry';
-import { AsyncEmitter, ToposortOptions } from '@nocobase/utils';
 import { LockManager, LockManagerOptions } from '@nocobase/lock-manager';
+import { AsyncEmitter, ToposortOptions } from '@nocobase/utils';
 import { Command, CommandOptions, ParseOptions } from 'commander';
 import { IncomingMessage, ServerResponse } from 'http';
 import { i18n, InitOptions } from 'i18next';
@@ -31,7 +31,10 @@ import { Plugin } from './plugin';
 import { InstallOptions, PluginManager } from './plugin-manager';
 import { PubSubManager, PubSubManagerOptions } from './pub-sub-manager';
 import { SyncMessageManager } from './sync-message-manager';
+import AesEncryptor from './aes-encryptor';
 import { AuditManager } from './audit-manager';
+import { Environment } from './environment';
+import { ServiceContainer } from './service-container';
 export type PluginType = string | typeof Plugin;
 export type PluginConfiguration = PluginType | [PluginType, any];
 export interface ResourceManagerOptions {
@@ -169,6 +172,7 @@ export declare class Application<StateT = DefaultState, ContextT = DefaultContex
     private _maintainingCommandStatus;
     private _maintainingStatusBeforeCommand;
     private _actionCommand;
+    container: ServiceContainer;
     lockManager: LockManager;
     constructor(options: ApplicationOptions);
     private static staticCommands;
@@ -193,6 +197,8 @@ export declare class Application<StateT = DefaultState, ContextT = DefaultContex
      * @internal
      */
     get maintainingMessage(): string;
+    private _env;
+    get environment(): Environment;
     protected _cronJobManager: CronJobManager;
     get cronJobManager(): CronJobManager;
     get mainDataSource(): SequelizeDataSource;
@@ -238,6 +244,8 @@ export declare class Application<StateT = DefaultState, ContextT = DefaultContex
     get name(): string;
     protected _dataSourceManager: DataSourceManager;
     get dataSourceManager(): DataSourceManager;
+    protected _aesEncryptor: AesEncryptor;
+    get aesEncryptor(): AesEncryptor;
     /**
      * @internal
      */

package/lib/application.js

@@ -49,8 +49,8 @@ var import_data_source_manager = require("@nocobase/data-source-manager");
 var import_database = __toESM(require("@nocobase/database"));
 var import_logger = require("@nocobase/logger");
 var import_telemetry = require("@nocobase/telemetry");
-var import_utils = require("@nocobase/utils");
 var import_lock_manager = require("@nocobase/lock-manager");
+var import_utils = require("@nocobase/utils");
 var import_crypto = require("crypto");
 var import_glob = __toESM(require("glob"));
 var import_koa = __toESM(require("koa"));
@@ -76,7 +76,11 @@ var import_plugin_manager = require("./plugin-manager");
 var import_pub_sub_manager = require("./pub-sub-manager");
 var import_sync_message_manager = require("./sync-message-manager");
 var import_package = __toESM(require("../package.json"));
+var import_available_action = require("./acl/available-action");
+var import_aes_encryptor = __toESM(require("./aes-encryptor"));
 var import_audit_manager = require("./audit-manager");
+var import_environment = require("./environment");
+var import_service_container = require("./service-container");
 const _Application = class _Application extends import_koa.default {
   constructor(options) {
     super();
@@ -125,6 +129,7 @@ const _Application = class _Application extends import_koa.default {
   _maintainingCommandStatus;
   _maintainingStatusBeforeCommand;
   _actionCommand;
+  container = new import_service_container.ServiceContainer();
   lockManager;
   static addCommand(callback) {
     this.staticCommands.push(callback);
@@ -161,6 +166,10 @@ const _Application = class _Application extends import_koa.default {
   get maintainingMessage() {
     return this._maintainingMessage;
   }
+  _env;
+  get environment() {
+    return this._env;
+  }
   _cronJobManager;
   get cronJobManager() {
     return this._cronJobManager;
@@ -250,6 +259,10 @@ const _Application = class _Application extends import_koa.default {
   get dataSourceManager() {
     return this._dataSourceManager;
   }
+  _aesEncryptor;
+  get aesEncryptor() {
+    return this._aesEncryptor;
+  }
   /**
    * @internal
    */
@@ -370,7 +383,10 @@ const _Application = class _Application extends import_koa.default {
     this._loaded = false;
   }
   async createCacheManager() {
-    this._cacheManager = await (0, import_cache2.createCacheManager)(this, this.options.cacheManager);
+    this._cacheManager = await (0, import_cache2.createCacheManager)(this, {
+      prefix: this.name,
+      ...this.options.cacheManager
+    });
     return this._cacheManager;
   }
   async load(options) {
@@ -393,6 +409,7 @@ const _Application = class _Application extends import_koa.default {
         await oldDb.close();
       }
     }
+    this._aesEncryptor = await import_aes_encryptor.default.create(this);
     if (this.cacheManager) {
       await this.cacheManager.close();
     }
@@ -830,6 +847,7 @@ const _Application = class _Application extends import_koa.default {
     }
     this.createMainDataSource(options);
     this._cronJobManager = new import_cron_job_manager.CronJobManager(this);
+    this._env = new import_environment.Environment();
     this._cli = this.createCLI();
     this._i18n = (0, import_helper.createI18n)(options);
     this.pubSubManager = (0, import_pub_sub_manager.createPubSubManager)(this, options.pubSubManager);
@@ -863,6 +881,13 @@ const _Application = class _Application extends import_koa.default {
       name: "auth",
       actions: import_auth.actions
     });
+    this._dataSourceManager.afterAddDataSource((dataSource) => {
+      if (dataSource.collectionManager instanceof import_data_source_manager.SequelizeCollectionManager) {
+        for (const [actionName, actionParams] of Object.entries(import_available_action.availableActions)) {
+          dataSource.acl.setAvailableAction(actionName, actionParams);
+        }
+      }
+    });
     this._dataSourceManager.use(this._authManager.middleware(), { tag: "auth" });
     this._dataSourceManager.use(import_validate_filter_params.default, { tag: "validate-filter-params", before: ["auth"] });
     this._dataSourceManager.use(import_middlewares.parseVariables, {

package/lib/audit-manager/index.js

@@ -260,6 +260,8 @@ const _AuditManager = class _AuditManager {
       const auditLog = this.formatAuditData(ctx);
       auditLog.uuid = reqId;
       auditLog.status = ctx.status;
+      const defaultMetaData = await this.getDefaultMetaData(ctx);
+      auditLog.metadata = { ...metadata, ...defaultMetaData };
       if (typeof action !== "string") {
         if (action.getUserInfo) {
           const userInfo = await action.getUserInfo(ctx);
@@ -274,10 +276,15 @@ const _AuditManager = class _AuditManager {
         }
         if (action.getMetaData) {
           const extra = await action.getMetaData(ctx);
-          auditLog.metadata = { ...metadata, ...extra };
-        } else {
-          const defaultMetaData = await this.getDefaultMetaData(ctx);
-          auditLog.metadata = { ...metadata, ...defaultMetaData };
+          if (extra) {
+            if (extra.request) {
+              auditLog.metadata.request = { ...auditLog.metadata.request, ...extra.request };
+            }
+            if (extra.response) {
+              auditLog.metadata.response = { ...auditLog.metadata.response, ...extra.response };
+            }
+            auditLog.metadata = { ...extra, ...auditLog.metadata };
+          }
         }
         if (action.getSourceAndTarget) {
           const sourceAndTarget = await action.getSourceAndTarget(ctx);
@@ -288,9 +295,6 @@ const _AuditManager = class _AuditManager {
             auditLog.targetRecordUK = sourceAndTarget.targetRecordUK;
           }
         }
-      } else {
-        const defaultMetaData = await this.getDefaultMetaData(ctx);
-        auditLog.metadata = { ...metadata, ...defaultMetaData };
       }
       this.logger.log(auditLog);
     } catch (err) {

package/lib/environment.d.ts

@@ -0,0 +1,18 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+export declare class Environment {
+    private vars;
+    setVariable(key: string, value: string): void;
+    removeVariable(key: string): void;
+    getVariablesAndSecrets(): {};
+    getVariables(): {};
+    renderJsonTemplate(template: any, options?: {
+        omit?: string[];
+    }): any;
+}

package/lib/environment.js

@@ -0,0 +1,80 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var environment_exports = {};
+__export(environment_exports, {
+  Environment: () => Environment
+});
+module.exports = __toCommonJS(environment_exports);
+var import_utils = require("@nocobase/utils");
+var import_lodash = __toESM(require("lodash"));
+const _Environment = class _Environment {
+  vars = {};
+  setVariable(key, value) {
+    this.vars[key] = value;
+  }
+  removeVariable(key) {
+    delete this.vars[key];
+  }
+  getVariablesAndSecrets() {
+    return this.vars;
+  }
+  getVariables() {
+    return this.vars;
+  }
+  renderJsonTemplate(template, options) {
+    if (options == null ? void 0 : options.omit) {
+      const omitTemplate = import_lodash.default.omit(template, options.omit);
+      const parsed = (0, import_utils.parse)(omitTemplate)({
+        $env: this.vars
+      });
+      for (const key of options.omit) {
+        import_lodash.default.set(parsed, key, import_lodash.default.get(template, key));
+      }
+      return parsed;
+    }
+    return (0, import_utils.parse)(template)({
+      $env: this.vars
+    });
+  }
+};
+__name(_Environment, "Environment");
+let Environment = _Environment;
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  Environment
+});

package/lib/gateway/index.js

@@ -63,7 +63,17 @@ var import_errors = require("./errors");
 var import_ipc_socket_client = require("./ipc-socket-client");
 var import_ipc_socket_server = require("./ipc-socket-server");
 var import_ws_server = require("./ws-server");
+var import_node_worker_threads = require("node:worker_threads");
+var import_node_process = __toESM(require("node:process"));
 const compress = (0, import_node_util.promisify)((0, import_compression.default)());
+function getSocketPath() {
+  const { SOCKET_PATH } = import_node_process.default.env;
+  if ((0, import_path.isAbsolute)(SOCKET_PATH)) {
+    return SOCKET_PATH;
+  }
+  return (0, import_path.resolve)(import_node_process.default.cwd(), SOCKET_PATH);
+}
+__name(getSocketPath, "getSocketPath");
 const _Gateway = class _Gateway extends import_events.EventEmitter {
   /**
    * use main app as default app to handle request
@@ -72,16 +82,14 @@ const _Gateway = class _Gateway extends import_events.EventEmitter {
   server = null;
   ipcSocketServer = null;
   loggers = new import_utils.Registry();
-  port = process.env.APP_PORT ? parseInt(process.env.APP_PORT) : null;
+  port = import_node_process.default.env.APP_PORT ? parseInt(import_node_process.default.env.APP_PORT) : null;
   host = "0.0.0.0";
   wsServer;
-  socketPath = (0, import_path.resolve)(process.cwd(), "storage", "gateway.sock");
+  socketPath = (0, import_path.resolve)(import_node_process.default.cwd(), "storage", "gateway.sock");
   constructor() {
     super();
     this.reset();
-    if (process.env.SOCKET_PATH) {
-      this.socketPath = (0, import_path.resolve)(process.cwd(), process.env.SOCKET_PATH);
-    }
+    this.socketPath = getSocketPath();
   }
   static getInstance(options = {}) {
     if (!_Gateway.instance) {
@@ -90,7 +98,7 @@ const _Gateway = class _Gateway extends import_events.EventEmitter {
     return _Gateway.instance;
   }
   static async getIPCSocketClient() {
-    const socketPath = (0, import_path.resolve)(process.cwd(), process.env.SOCKET_PATH || "storage/gateway.sock");
+    const socketPath = getSocketPath();
     try {
       return await import_ipc_socket_client.IPCSocketClient.getConnection(socketPath);
     } catch (error) {
@@ -166,7 +174,7 @@ const _Gateway = class _Gateway extends import_events.EventEmitter {
   }
   async requestHandler(req, res) {
     const { pathname } = (0, import_url.parse)(req.url);
-    const { PLUGIN_STATICS_PATH, APP_PUBLIC_PATH } = process.env;
+    const { PLUGIN_STATICS_PATH, APP_PUBLIC_PATH } = import_node_process.default.env;
     if (pathname.endsWith("/__umi/api/bundle-status")) {
       res.statusCode = 200;
       res.end("ok");
@@ -176,7 +184,7 @@ const _Gateway = class _Gateway extends import_events.EventEmitter {
       req.url = req.url.substring(APP_PUBLIC_PATH.length - 1);
       await compress(req, res);
       return (0, import_serve_handler.default)(req, res, {
-        public: (0, import_path.resolve)(process.cwd()),
+        public: (0, import_path.resolve)(import_node_process.default.cwd()),
         directoryListing: false
       });
     }
@@ -195,15 +203,22 @@ const _Gateway = class _Gateway extends import_events.EventEmitter {
         ]
       });
     }
-    if (!pathname.startsWith(process.env.API_BASE_PATH)) {
+    if (!pathname.startsWith(import_node_process.default.env.API_BASE_PATH)) {
       req.url = req.url.substring(APP_PUBLIC_PATH.length - 1);
       await compress(req, res);
       return (0, import_serve_handler.default)(req, res, {
-        public: `${process.env.APP_PACKAGE_ROOT}/dist/client`,
+        public: `${import_node_process.default.env.APP_PACKAGE_ROOT}/dist/client`,
         rewrites: [{ source: "/**", destination: "/index.html" }]
       });
     }
-    const handleApp = await this.getRequestHandleAppName(req);
+    let handleApp = "main";
+    try {
+      handleApp = await this.getRequestHandleAppName(req);
+    } catch (error) {
+      console.log(error);
+      this.responseErrorWithCode("APP_INITIALIZING", res, { appName: handleApp });
+      return;
+    }
     const hasApp = import_app_supervisor.AppSupervisor.getInstance().hasApp(handleApp);
     if (!hasApp) {
       void import_app_supervisor.AppSupervisor.getInstance().bootStrapApp(handleApp);
@@ -257,10 +272,10 @@ const _Gateway = class _Gateway extends import_events.EventEmitter {
   }
   /* istanbul ignore next -- @preserve */
   async watch() {
-    if (!process.env.IS_DEV_CMD) {
+    if (!import_node_process.default.env.IS_DEV_CMD) {
       return;
     }
-    const file = process.env.WATCH_FILE;
+    const file = import_node_process.default.env.WATCH_FILE;
     if (!import_fs.default.existsSync(file)) {
       await import_fs.default.promises.writeFile(file, `export const watchId = '${(0, import_utils.uid)()}';`, "utf-8");
     }
@@ -273,8 +288,8 @@ const _Gateway = class _Gateway extends import_events.EventEmitter {
     if (isStart) {
       await this.watch();
       const startOptions = this.getStartOptions();
-      const port = startOptions.port || process.env.APP_PORT || 13e3;
-      const host = startOptions.host || process.env.APP_HOST || "0.0.0.0";
+      const port = startOptions.port || import_node_process.default.env.APP_PORT || 13e3;
+      const host = startOptions.host || import_node_process.default.env.APP_HOST || "0.0.0.0";
       this.start({
         port,
         host
@@ -282,7 +297,7 @@ const _Gateway = class _Gateway extends import_events.EventEmitter {
     } else if (!this.isHelp()) {
       ipcClient = await this.tryConnectToIPCServer();
       if (ipcClient) {
-        const response = await ipcClient.write({ type: "passCliArgv", payload: { argv: process.argv } });
+        const response = await ipcClient.write({ type: "passCliArgv", payload: { argv: import_node_process.default.argv } });
         ipcClient.close();
         if (!["error", "not_found"].includes(response.type)) {
           return;
@@ -293,15 +308,19 @@ const _Gateway = class _Gateway extends import_events.EventEmitter {
       await (0, import_plugin_symlink.createStoragePluginsSymlink)();
     }
     const mainApp = import_app_supervisor.AppSupervisor.getInstance().bootMainApp(options.mainAppOptions);
-    mainApp.runAsCLI(process.argv, {
-      throwError: true,
-      from: "node"
-    }).then(async () => {
+    let runArgs = [import_node_process.default.argv, { throwError: true, from: "node" }];
+    if (!import_node_worker_threads.isMainThread) {
+      runArgs = [import_node_worker_threads.workerData.argv, { throwError: true, from: "user" }];
+    }
+    mainApp.runAsCLI(...runArgs).then(async () => {
       if (!isStart && !await mainApp.isStarted()) {
         await mainApp.stop({ logging: false });
       }
     }).catch(async (e) => {
       if (e.code !== "commander.helpDisplayed") {
+        if (!import_node_worker_threads.isMainThread) {
+          throw e;
+        }
         mainApp.log.error(e);
       }
       if (!isStart && !await mainApp.isStarted()) {
@@ -310,16 +329,16 @@ const _Gateway = class _Gateway extends import_events.EventEmitter {
     });
   }
   isStart() {
-    const argv = process.argv;
+    const argv = import_node_process.default.argv;
     return argv[2] === "start";
   }
   isHelp() {
-    const argv = process.argv;
+    const argv = import_node_process.default.argv;
     return argv[2] === "help";
   }
   getStartOptions() {
     const program = new import_commander.Command();
-    program.allowUnknownOption().option("-s, --silent").option("-p, --port [post]").option("-h, --host [host]").option("--db-sync").parse(process.argv);
+    program.allowUnknownOption().option("-s, --silent").option("-p, --port [post]").option("-h, --host [host]").option("--db-sync").parse(import_node_process.default.argv);
     return program.opts();
   }
   start(options) {
@@ -344,7 +363,7 @@ const _Gateway = class _Gateway extends import_events.EventEmitter {
     this.wsServer = new import_ws_server.WSServer();
     this.server.on("upgrade", (request, socket, head) => {
       const { pathname } = (0, import_url.parse)(request.url);
-      if (pathname === process.env.WS_PATH) {
+      if (pathname === import_node_process.default.env.WS_PATH) {
         this.wsServer.wss.handleUpgrade(request, socket, head, (ws) => {
           this.wsServer.wss.emit("connection", ws, request);
         });

package/lib/gateway/ws-server.d.ts

@@ -7,29 +7,45 @@
  * For more information, please refer to: https://www.nocobase.com/agreement.
  */
 /// <reference types="node" />
+/// <reference types="node" />
 import WebSocket from 'ws';
 import { IncomingMessage } from 'http';
 import { Logger } from '@nocobase/logger';
+import EventEmitter from 'events';
 declare class WebSocketWithId extends WebSocket {
     id: string;
 }
 interface WebSocketClient {
     ws: WebSocketWithId;
-    tags: string[];
+    tags: Set<string>;
     url: string;
     headers: any;
     app?: string;
+    id: string;
 }
-export declare class WSServer {
+export declare class WSServer extends EventEmitter {
     wss: WebSocket.Server;
     webSocketClients: Map<string, WebSocketClient>;
     logger: Logger;
     constructor();
+    bindAppWSEvents(app: any): void;
     addNewConnection(ws: WebSocketWithId, request: IncomingMessage): WebSocketClient;
+    setClientTag(clientId: string, tagKey: string, tagValue: string): void;
+    removeClientTag(clientId: string, tagKey: string): void;
     setClientApp(client: WebSocketClient): Promise<void>;
     removeConnection(id: string): void;
     sendMessageToConnection(client: WebSocketClient, sendMessage: object): void;
     sendToConnectionsByTag(tagName: string, tagValue: string, sendMessage: object): void;
+    /**
+     * Send message to clients that match all the given tag conditions
+     * @param tags Array of tag conditions, each condition is an object with tagName and tagValue
+     * @param sendMessage Message to be sent
+     */
+    sendToConnectionsByTags(tags: Array<{
+        tagName: string;
+        tagValue: string;
+    }>, sendMessage: object): void;
+    sendToClient(clientId: string, sendMessage: object): void;
     loopThroughConnections(callback: (client: WebSocketClient) => void): void;
     close(): void;
 }