npm - @xuda.io/runtime-bundle - Versions diffs - 1.0.490 → 1.0.492 - Mend

@xuda.io/runtime-bundle 1.0.490 → 1.0.492

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/js/xuda-runtime-bundle.js +143 -65
package/js/xuda-runtime-bundle.min.js +1 -1
package/js/xuda-runtime-slim.js +143 -65
package/js/xuda-runtime-slim.min.es.js +143 -65
package/js/xuda-runtime-slim.min.js +1 -1
package/js/xuda-server-bundle.min.mjs +1 -1
package/js/xuda-server-bundle.mjs +143 -65
package/js/xuda-worker-bundle.js +143 -65
package/js/xuda-worker-bundle.min.js +1 -1
package/package.json +1 -1

package/js/xuda-runtime-bundle.js CHANGED Viewed

@@ -34922,7 +34922,7 @@ func.UI.component.init_xu_nav = function ($container, $nav) {
 };
  func.expression = {};
-func.expression.get_org = async function (SESSION_ID, valP, dsSessionP, sourceP, rowIdP, sourceActionP, secondPassP, calling_fieldIdP, fieldsP, debug_infoP, iterate_info, js_script_callback, jobNo, api_output_type) {
+func.expression.get = async function (SESSION_ID, valP, dsSessionP, sourceP, rowIdP, sourceActionP, secondPassP, calling_fieldIdP, fieldsP, debug_infoP, iterate_info, js_script_callback, jobNo, api_output_type) {
   class xu_class {
     async get() {
       var ret;
@@ -35276,7 +35276,7 @@ func.expression.get_org = async function (SESSION_ID, valP, dsSessionP, sourceP,
   return new_class.get();
 };
-func.expression.get = async function (SESSION_ID, valP, dsSessionP, sourceP, rowIdP, sourceActionP, secondPassP, calling_fieldIdP, fieldsP = {}, debug_infoP, iterate_info, js_script_callback, jobNo, api_output_type) {
+func.expression.get_bad = async function (SESSION_ID, valP, dsSessionP, sourceP, rowIdP, sourceActionP, secondPassP, calling_fieldIdP, fieldsP = {}, debug_infoP, iterate_info, js_script_callback, jobNo, api_output_type) {
   const evalJson = (text) => eval(`(${text})`);
   const replaceQuotes = (str) => {
     for (const [key, val] of Object.entries(fields)) {
@@ -35542,64 +35542,6 @@ func.expression.parse_org = function (strP) {
   return res;
 };
-func.expression.parse_bad = function (strP) {
-  const nonLettersPatt = /\W/;
-  const validSymbolsNoArray = /[^.@\[]/;
-  const validSymbolsWithArray = /[^.@"'\[\]]/;
-  function extractStr(str, startPos = 0) {
-    const cleanSplit = (arr) => (arr?.length > 1 && arr[0] === '' && arr[1].includes('@') ? arr.slice(1) : arr);
-    const segments = cleanSplit(str.replace(/@/g, '^^@').split('^^'));
-    const result = [];
-    for (const val of segments || []) {
-      if (!val) continue;
-      const pos = str.indexOf(val) + startPos;
-      if (val.startsWith('@')) {
-        let tmpStr = '';
-        let wordStart = null;
-        let wordEnd = null;
-        let validSymbols = validSymbolsNoArray;
-        for (let i = 0; i < val.length; i++) {
-          const char = val[i];
-          if (char === '[') validSymbols = validSymbolsWithArray;
-          if (char === '.' && wordStart === null) wordStart = i;
-          else if (wordStart !== null && nonLettersPatt.test(char)) wordEnd = i;
-          if (wordStart !== null && wordEnd !== null) {
-            const word = val.slice(wordStart + 1, wordEnd);
-            tmpStr = tmpStr.slice(0, wordStart) + '^^' + tmpStr.slice(wordStart, wordEnd);
-            wordStart = char === '.' ? wordEnd : null;
-            wordEnd = null;
-          }
-          tmpStr += nonLettersPatt.test(char) && validSymbols.test(char) && !tmpStr.includes('^^') ? '^^' + char : char;
-        }
-        if (tmpStr.includes('^^')) {
-          result.push(...extractStr(tmpStr, pos));
-        } else {
-          const fieldIdMatch = val.match(/^@([^.\[]+)/);
-          result.push({
-            value: val,
-            fieldId: fieldIdMatch ? fieldIdMatch[1] : undefined,
-            pos,
-          });
-        }
-      } else {
-        result.push({ value: val, pos });
-      }
-    }
-    return result;
-  }
-  return extractStr(strP);
-};
 func.expression.parse = function (input) {
   if (typeof input !== 'string') return [];
@@ -35628,7 +35570,7 @@ func.expression.parse = function (input) {
   return segments;
 };
-func.expression.get_property = async function (valP) {
+func.expression.get_property_org = async function (valP) {
   async function secure_eval(val) {
     if (typeof IS_PROCESS_SERVER === 'undefined') {
       try {
@@ -35666,21 +35608,73 @@ func.expression.get_property = async function (valP) {
     property2: property2,
   };
 };
-func.expression.validate_constant = function (valP) {
+func.expression.get_property = async function (valP) {
+  if (typeof valP !== 'string') return { property1: undefined, property2: undefined };
+  const secureEval = async (expr) => {
+    if (typeof IS_PROCESS_SERVER === 'undefined') {
+      try {
+        return eval(expr);
+      } catch (err) {
+        console.error(err);
+        return undefined;
+      }
+    }
+    try {
+      const vm = new VM.VM({
+        sandbox: {
+          func,
+          SESSION_ID,
+          SESSION_OBJ: { [SESSION_ID]: SESSION_OBJ[SESSION_ID] },
+        },
+        timeout: 1000,
+        allowAsync: false,
+      });
+      return await vm.run(expr);
+    } catch {
+      return undefined; // Simplified error handling
+    }
+  };
+  let property1, property2;
+  const bracketStart = valP.indexOf('[');
+  const bracketEnd = valP.indexOf(']');
+  if (bracketStart > -1 && bracketEnd > bracketStart) {
+    const expr = valP.slice(bracketStart + 1, bracketEnd);
+    property1 = await secureEval(expr);
+  }
+  const dotIndex = valP.indexOf('.');
+  if (dotIndex > -1) {
+    property2 = valP.slice(dotIndex + 1);
+  }
+  return { property1, property2 };
+};
+func.expression.validate_constant_org = function (valP) {
   var patt = /["']/;
   if (typeof valP === 'string' && patt.test(valP.substr(0, 1)) && patt.test(valP.substr(0, valP.length - 1))) return true;
   else return false;
 };
-func.expression.validate_variables = function (valP) {
+func.expression.validate_variables_org = function (valP) {
   if (typeof valP === 'string' && valP.indexOf('@') > -1) return true;
   else return false;
 };
-func.expression.remove_quotes = function (valP) {
+func.expression.remove_quotes_org = function (valP) {
   if (func.expression.validate_constant(valP)) return valP.substr(1, valP.length - 2);
   else return valP;
 };
-func.expression.secure_eval = async function (SESSION_ID, sourceP, val, job_id, dsSessionP, js_script_callback, evt) {
+func.expression.validate_constant = (valP) => typeof valP === 'string' && /^["'].*["']$/.test(valP);
+func.expression.validate_variables = (valP) => typeof valP === 'string' && valP.includes('@');
+func.expression.remove_quotes = (valP) => (func.expression.validate_constant(valP) && typeof valP === 'string' ? valP.slice(1, -1) : valP);
+func.expression.secure_eval_org = async function (SESSION_ID, sourceP, val, job_id, dsSessionP, js_script_callback, evt) {
   const api_utils = await func.common.get_module(SESSION_ID, 'xuda-api-library.mjs', {
     func,
     glb,
@@ -35781,6 +35775,90 @@ func.expression.secure_eval = async function (SESSION_ID, sourceP, val, job_id,
     }
   }
 };
+func.expression.secure_eval = async function (SESSION_ID, sourceP, val, job_id, dsSessionP, js_script_callback, evt) {
+  if (typeof val !== 'string') return val;
+  const xu = await func.common.get_module(SESSION_ID, 'xuda-api-library.mjs', {
+    func,
+    glb,
+    SESSION_OBJ,
+    SESSION_ID,
+    APP_OBJ,
+    dsSession: dsSessionP,
+    job_id,
+  });
+  const isServer = typeof IS_PROCESS_SERVER !== 'undefined' || typeof IS_DOCKER !== 'undefined';
+  // Client-side execution
+  if (!isServer) {
+    try {
+      return eval(val);
+    } catch {
+      try {
+        return JSON5.parse(val);
+      } catch {
+        return val;
+      }
+    }
+  }
+  // Server-side execution
+  const sandbox = {
+    func,
+    xu,
+    SESSION_ID,
+    SESSION_OBJ: { [SESSION_ID]: SESSION_OBJ[SESSION_ID] },
+    callback: js_script_callback,
+    job_id,
+    ...(sourceP === 'javascript' ? { axios, got, FormData } : {}),
+  };
+  const handleError = (err) => {
+    console.error('Execution error:', err);
+    func.events.delete_job(SESSION_ID, job_id);
+    if (isServer && !SESSION_OBJ[SESSION_ID].crawler) {
+      if (sourceP === 'javascript') {
+        __.rpi.write_log(SESSION_OBJ[SESSION_ID].app_id, 'error', 'worker', 'vm error', err, null, val, 'func.expression.get.secure_eval');
+      } else {
+        __.db.add_error_log(SESSION_OBJ[SESSION_ID].app_id, 'api', err);
+      }
+    }
+    return val; // Fallback to original value
+  };
+  if (sourceP === 'javascript') {
+    process.on('uncaughtException', handleError);
+    try {
+      const dir = path.join(_conf.studio_drive_path, SESSION_OBJ[SESSION_ID].app_id, 'node_modules');
+      const script = new VM.VMScript(`try { ${val} } catch (e) { func.api.error(SESSION_ID, "nodejs error", e); console.error(e); func.events.delete_job(SESSION_ID, "${job_id}"); }`, { filename: dir, dirname: dir });
+      const vm = new VM.NodeVM({
+        require: { external: true },
+        sandbox,
+        timeout: 60000,
+      });
+      return await vm.run(script, { filename: dir, dirname: dir });
+    } catch (err) {
+      return handleError(err);
+    }
+  }
+  try {
+    const vm = new VM.VM({
+      sandbox,
+      timeout: 1000,
+      allowAsync: false,
+    });
+    return await vm.run(val);
+  } catch {
+    try {
+      return JSON5.parse(val);
+    } catch {
+      return val;
+    }
+  }
+};
  func.events = {};
 func.events.validate = async function (SESSION_ID, triggerP, dsSessionP, eventIdP, sourceP, argumentsP, return_validation_onlyP) {
   var _session = SESSION_OBJ[SESSION_ID];