@xuda.io/runtime-bundle 1.0.490 → 1.0.491

package/js/xuda-runtime-bundle.js

@@ -35628,7 +35628,7 @@ func.expression.parse = function (input) {
   return segments;
 };
 
-func.expression.get_property = async function (valP) {
+func.expression.get_property_org = async function (valP) {
   async function secure_eval(val) {
     if (typeof IS_PROCESS_SERVER === 'undefined') {
       try {
@@ -35666,21 +35666,73 @@ func.expression.get_property = async function (valP) {
     property2: property2,
   };
 };
-func.expression.validate_constant = function (valP) {
+
+func.expression.get_property = async function (valP) {
+  if (typeof valP !== 'string') return { property1: undefined, property2: undefined };
+
+  const secureEval = async (expr) => {
+    if (typeof IS_PROCESS_SERVER === 'undefined') {
+      try {
+        return eval(expr);
+      } catch (err) {
+        console.error(err);
+        return undefined;
+      }
+    }
+    try {
+      const vm = new VM.VM({
+        sandbox: {
+          func,
+          SESSION_ID,
+          SESSION_OBJ: { [SESSION_ID]: SESSION_OBJ[SESSION_ID] },
+        },
+        timeout: 1000,
+        allowAsync: false,
+      });
+      return await vm.run(expr);
+    } catch {
+      return undefined; // Simplified error handling
+    }
+  };
+
+  let property1, property2;
+  const bracketStart = valP.indexOf('[');
+  const bracketEnd = valP.indexOf(']');
+
+  if (bracketStart > -1 && bracketEnd > bracketStart) {
+    const expr = valP.slice(bracketStart + 1, bracketEnd);
+    property1 = await secureEval(expr);
+  }
+
+  const dotIndex = valP.indexOf('.');
+  if (dotIndex > -1) {
+    property2 = valP.slice(dotIndex + 1);
+  }
+
+  return { property1, property2 };
+};
+
+func.expression.validate_constant_org = function (valP) {
   var patt = /["']/;
   if (typeof valP === 'string' && patt.test(valP.substr(0, 1)) && patt.test(valP.substr(0, valP.length - 1))) return true;
   else return false;
 };
-func.expression.validate_variables = function (valP) {
+func.expression.validate_variables_org = function (valP) {
   if (typeof valP === 'string' && valP.indexOf('@') > -1) return true;
   else return false;
 };
-func.expression.remove_quotes = function (valP) {
+func.expression.remove_quotes_org = function (valP) {
   if (func.expression.validate_constant(valP)) return valP.substr(1, valP.length - 2);
   else return valP;
 };
 
-func.expression.secure_eval = async function (SESSION_ID, sourceP, val, job_id, dsSessionP, js_script_callback, evt) {
+func.expression.validate_constant = (valP) => typeof valP === 'string' && /^["'].*["']$/.test(valP);
+
+func.expression.validate_variables = (valP) => typeof valP === 'string' && valP.includes('@');
+
+func.expression.remove_quotes = (valP) => (func.expression.validate_constant(valP) && typeof valP === 'string' ? valP.slice(1, -1) : valP);
+
+func.expression.secure_eval_org = async function (SESSION_ID, sourceP, val, job_id, dsSessionP, js_script_callback, evt) {
   const api_utils = await func.common.get_module(SESSION_ID, 'xuda-api-library.mjs', {
     func,
     glb,
@@ -35781,6 +35833,90 @@ func.expression.secure_eval = async function (SESSION_ID, sourceP, val, job_id,
     }
   }
 };
+
+func.expression.secure_eval = async function (SESSION_ID, sourceP, val, job_id, dsSessionP, js_script_callback, evt) {
+  if (typeof val !== 'string') return val;
+
+  const xu = await func.common.get_module(SESSION_ID, 'xuda-api-library.mjs', {
+    func,
+    glb,
+    SESSION_OBJ,
+    SESSION_ID,
+    APP_OBJ,
+    dsSession: dsSessionP,
+    job_id,
+  });
+
+  const isServer = typeof IS_PROCESS_SERVER !== 'undefined' || typeof IS_DOCKER !== 'undefined';
+
+  // Client-side execution
+  if (!isServer) {
+    try {
+      return eval(val);
+    } catch {
+      try {
+        return JSON5.parse(val);
+      } catch {
+        return val;
+      }
+    }
+  }
+
+  // Server-side execution
+  const sandbox = {
+    func,
+    xu,
+    SESSION_ID,
+    SESSION_OBJ: { [SESSION_ID]: SESSION_OBJ[SESSION_ID] },
+    callback: js_script_callback,
+    job_id,
+    ...(sourceP === 'javascript' ? { axios, got, FormData } : {}),
+  };
+
+  const handleError = (err) => {
+    console.error('Execution error:', err);
+    func.events.delete_job(SESSION_ID, job_id);
+    if (isServer && !SESSION_OBJ[SESSION_ID].crawler) {
+      if (sourceP === 'javascript') {
+        __.rpi.write_log(SESSION_OBJ[SESSION_ID].app_id, 'error', 'worker', 'vm error', err, null, val, 'func.expression.get.secure_eval');
+      } else {
+        __.db.add_error_log(SESSION_OBJ[SESSION_ID].app_id, 'api', err);
+      }
+    }
+    return val; // Fallback to original value
+  };
+
+  if (sourceP === 'javascript') {
+    process.on('uncaughtException', handleError);
+    try {
+      const dir = path.join(_conf.studio_drive_path, SESSION_OBJ[SESSION_ID].app_id, 'node_modules');
+      const script = new VM.VMScript(`try { ${val} } catch (e) { func.api.error(SESSION_ID, "nodejs error", e); console.error(e); func.events.delete_job(SESSION_ID, "${job_id}"); }`, { filename: dir, dirname: dir });
+      const vm = new VM.NodeVM({
+        require: { external: true },
+        sandbox,
+        timeout: 60000,
+      });
+      return await vm.run(script, { filename: dir, dirname: dir });
+    } catch (err) {
+      return handleError(err);
+    }
+  }
+
+  try {
+    const vm = new VM.VM({
+      sandbox,
+      timeout: 1000,
+      allowAsync: false,
+    });
+    return await vm.run(val);
+  } catch {
+    try {
+      return JSON5.parse(val);
+    } catch {
+      return val;
+    }
+  }
+};
  func.events = {};
 func.events.validate = async function (SESSION_ID, triggerP, dsSessionP, eventIdP, sourceP, argumentsP, return_validation_onlyP) {
   var _session = SESSION_OBJ[SESSION_ID];