@xuda.io/runtime-bundle 1.0.490 → 1.0.492

package/js/xuda-runtime-slim.js

@@ -10474,7 +10474,7 @@ func.events.invoke = async function (event_id) {
 };
  func.expression = {};
 
-func.expression.get_org = async function (SESSION_ID, valP, dsSessionP, sourceP, rowIdP, sourceActionP, secondPassP, calling_fieldIdP, fieldsP, debug_infoP, iterate_info, js_script_callback, jobNo, api_output_type) {
+func.expression.get = async function (SESSION_ID, valP, dsSessionP, sourceP, rowIdP, sourceActionP, secondPassP, calling_fieldIdP, fieldsP, debug_infoP, iterate_info, js_script_callback, jobNo, api_output_type) {
   class xu_class {
     async get() {
       var ret;
@@ -10828,7 +10828,7 @@ func.expression.get_org = async function (SESSION_ID, valP, dsSessionP, sourceP,
   return new_class.get();
 };
 
-func.expression.get = async function (SESSION_ID, valP, dsSessionP, sourceP, rowIdP, sourceActionP, secondPassP, calling_fieldIdP, fieldsP = {}, debug_infoP, iterate_info, js_script_callback, jobNo, api_output_type) {
+func.expression.get_bad = async function (SESSION_ID, valP, dsSessionP, sourceP, rowIdP, sourceActionP, secondPassP, calling_fieldIdP, fieldsP = {}, debug_infoP, iterate_info, js_script_callback, jobNo, api_output_type) {
   const evalJson = (text) => eval(`(${text})`);
   const replaceQuotes = (str) => {
     for (const [key, val] of Object.entries(fields)) {
@@ -11094,64 +11094,6 @@ func.expression.parse_org = function (strP) {
   return res;
 };
 
-func.expression.parse_bad = function (strP) {
-  const nonLettersPatt = /\W/;
-  const validSymbolsNoArray = /[^.@\[]/;
-  const validSymbolsWithArray = /[^.@"'\[\]]/;
-
-  function extractStr(str, startPos = 0) {
-    const cleanSplit = (arr) => (arr?.length > 1 && arr[0] === '' && arr[1].includes('@') ? arr.slice(1) : arr);
-
-    const segments = cleanSplit(str.replace(/@/g, '^^@').split('^^'));
-    const result = [];
-
-    for (const val of segments || []) {
-      if (!val) continue;
-      const pos = str.indexOf(val) + startPos;
-
-      if (val.startsWith('@')) {
-        let tmpStr = '';
-        let wordStart = null;
-        let wordEnd = null;
-        let validSymbols = validSymbolsNoArray;
-
-        for (let i = 0; i < val.length; i++) {
-          const char = val[i];
-
-          if (char === '[') validSymbols = validSymbolsWithArray;
-          if (char === '.' && wordStart === null) wordStart = i;
-          else if (wordStart !== null && nonLettersPatt.test(char)) wordEnd = i;
-
-          if (wordStart !== null && wordEnd !== null) {
-            const word = val.slice(wordStart + 1, wordEnd);
-            tmpStr = tmpStr.slice(0, wordStart) + '^^' + tmpStr.slice(wordStart, wordEnd);
-            wordStart = char === '.' ? wordEnd : null;
-            wordEnd = null;
-          }
-
-          tmpStr += nonLettersPatt.test(char) && validSymbols.test(char) && !tmpStr.includes('^^') ? '^^' + char : char;
-        }
-
-        if (tmpStr.includes('^^')) {
-          result.push(...extractStr(tmpStr, pos));
-        } else {
-          const fieldIdMatch = val.match(/^@([^.\[]+)/);
-          result.push({
-            value: val,
-            fieldId: fieldIdMatch ? fieldIdMatch[1] : undefined,
-            pos,
-          });
-        }
-      } else {
-        result.push({ value: val, pos });
-      }
-    }
-    return result;
-  }
-
-  return extractStr(strP);
-};
-
 func.expression.parse = function (input) {
   if (typeof input !== 'string') return [];
 
@@ -11180,7 +11122,7 @@ func.expression.parse = function (input) {
   return segments;
 };
 
-func.expression.get_property = async function (valP) {
+func.expression.get_property_org = async function (valP) {
   async function secure_eval(val) {
     if (typeof IS_PROCESS_SERVER === 'undefined') {
       try {
@@ -11218,21 +11160,73 @@ func.expression.get_property = async function (valP) {
     property2: property2,
   };
 };
-func.expression.validate_constant = function (valP) {
+
+func.expression.get_property = async function (valP) {
+  if (typeof valP !== 'string') return { property1: undefined, property2: undefined };
+
+  const secureEval = async (expr) => {
+    if (typeof IS_PROCESS_SERVER === 'undefined') {
+      try {
+        return eval(expr);
+      } catch (err) {
+        console.error(err);
+        return undefined;
+      }
+    }
+    try {
+      const vm = new VM.VM({
+        sandbox: {
+          func,
+          SESSION_ID,
+          SESSION_OBJ: { [SESSION_ID]: SESSION_OBJ[SESSION_ID] },
+        },
+        timeout: 1000,
+        allowAsync: false,
+      });
+      return await vm.run(expr);
+    } catch {
+      return undefined; // Simplified error handling
+    }
+  };
+
+  let property1, property2;
+  const bracketStart = valP.indexOf('[');
+  const bracketEnd = valP.indexOf(']');
+
+  if (bracketStart > -1 && bracketEnd > bracketStart) {
+    const expr = valP.slice(bracketStart + 1, bracketEnd);
+    property1 = await secureEval(expr);
+  }
+
+  const dotIndex = valP.indexOf('.');
+  if (dotIndex > -1) {
+    property2 = valP.slice(dotIndex + 1);
+  }
+
+  return { property1, property2 };
+};
+
+func.expression.validate_constant_org = function (valP) {
   var patt = /["']/;
   if (typeof valP === 'string' && patt.test(valP.substr(0, 1)) && patt.test(valP.substr(0, valP.length - 1))) return true;
   else return false;
 };
-func.expression.validate_variables = function (valP) {
+func.expression.validate_variables_org = function (valP) {
   if (typeof valP === 'string' && valP.indexOf('@') > -1) return true;
   else return false;
 };
-func.expression.remove_quotes = function (valP) {
+func.expression.remove_quotes_org = function (valP) {
   if (func.expression.validate_constant(valP)) return valP.substr(1, valP.length - 2);
   else return valP;
 };
 
-func.expression.secure_eval = async function (SESSION_ID, sourceP, val, job_id, dsSessionP, js_script_callback, evt) {
+func.expression.validate_constant = (valP) => typeof valP === 'string' && /^["'].*["']$/.test(valP);
+
+func.expression.validate_variables = (valP) => typeof valP === 'string' && valP.includes('@');
+
+func.expression.remove_quotes = (valP) => (func.expression.validate_constant(valP) && typeof valP === 'string' ? valP.slice(1, -1) : valP);
+
+func.expression.secure_eval_org = async function (SESSION_ID, sourceP, val, job_id, dsSessionP, js_script_callback, evt) {
   const api_utils = await func.common.get_module(SESSION_ID, 'xuda-api-library.mjs', {
     func,
     glb,
@@ -11333,6 +11327,90 @@ func.expression.secure_eval = async function (SESSION_ID, sourceP, val, job_id,
     }
   }
 };
+
+func.expression.secure_eval = async function (SESSION_ID, sourceP, val, job_id, dsSessionP, js_script_callback, evt) {
+  if (typeof val !== 'string') return val;
+
+  const xu = await func.common.get_module(SESSION_ID, 'xuda-api-library.mjs', {
+    func,
+    glb,
+    SESSION_OBJ,
+    SESSION_ID,
+    APP_OBJ,
+    dsSession: dsSessionP,
+    job_id,
+  });
+
+  const isServer = typeof IS_PROCESS_SERVER !== 'undefined' || typeof IS_DOCKER !== 'undefined';
+
+  // Client-side execution
+  if (!isServer) {
+    try {
+      return eval(val);
+    } catch {
+      try {
+        return JSON5.parse(val);
+      } catch {
+        return val;
+      }
+    }
+  }
+
+  // Server-side execution
+  const sandbox = {
+    func,
+    xu,
+    SESSION_ID,
+    SESSION_OBJ: { [SESSION_ID]: SESSION_OBJ[SESSION_ID] },
+    callback: js_script_callback,
+    job_id,
+    ...(sourceP === 'javascript' ? { axios, got, FormData } : {}),
+  };
+
+  const handleError = (err) => {
+    console.error('Execution error:', err);
+    func.events.delete_job(SESSION_ID, job_id);
+    if (isServer && !SESSION_OBJ[SESSION_ID].crawler) {
+      if (sourceP === 'javascript') {
+        __.rpi.write_log(SESSION_OBJ[SESSION_ID].app_id, 'error', 'worker', 'vm error', err, null, val, 'func.expression.get.secure_eval');
+      } else {
+        __.db.add_error_log(SESSION_OBJ[SESSION_ID].app_id, 'api', err);
+      }
+    }
+    return val; // Fallback to original value
+  };
+
+  if (sourceP === 'javascript') {
+    process.on('uncaughtException', handleError);
+    try {
+      const dir = path.join(_conf.studio_drive_path, SESSION_OBJ[SESSION_ID].app_id, 'node_modules');
+      const script = new VM.VMScript(`try { ${val} } catch (e) { func.api.error(SESSION_ID, "nodejs error", e); console.error(e); func.events.delete_job(SESSION_ID, "${job_id}"); }`, { filename: dir, dirname: dir });
+      const vm = new VM.NodeVM({
+        require: { external: true },
+        sandbox,
+        timeout: 60000,
+      });
+      return await vm.run(script, { filename: dir, dirname: dir });
+    } catch (err) {
+      return handleError(err);
+    }
+  }
+
+  try {
+    const vm = new VM.VM({
+      sandbox,
+      timeout: 1000,
+      allowAsync: false,
+    });
+    return await vm.run(val);
+  } catch {
+    try {
+      return JSON5.parse(val);
+    } catch {
+      return val;
+    }
+  }
+};
  func.UI.screen = {};
 func.UI.screen.init = async function (SESSION_ID, prog_id, sourceScreenP, callingDataSource_objP, $callingContainerP, triggerIdP, rowIdP, jobNoP, is_panelP, parameters_obj_inP, source_functionP, call_screen_propertiesP) {
   if (!prog_id) return console.error('program is empty');

package/js/xuda-runtime-slim.min.es.js

@@ -14287,7 +14287,7 @@ func.events.invoke = async function (event_id) {
 };
  func.expression = {};
 
-func.expression.get_org = async function (SESSION_ID, valP, dsSessionP, sourceP, rowIdP, sourceActionP, secondPassP, calling_fieldIdP, fieldsP, debug_infoP, iterate_info, js_script_callback, jobNo, api_output_type) {
+func.expression.get = async function (SESSION_ID, valP, dsSessionP, sourceP, rowIdP, sourceActionP, secondPassP, calling_fieldIdP, fieldsP, debug_infoP, iterate_info, js_script_callback, jobNo, api_output_type) {
   class xu_class {
     async get() {
       var ret;
@@ -14641,7 +14641,7 @@ func.expression.get_org = async function (SESSION_ID, valP, dsSessionP, sourceP,
   return new_class.get();
 };
 
-func.expression.get = async function (SESSION_ID, valP, dsSessionP, sourceP, rowIdP, sourceActionP, secondPassP, calling_fieldIdP, fieldsP = {}, debug_infoP, iterate_info, js_script_callback, jobNo, api_output_type) {
+func.expression.get_bad = async function (SESSION_ID, valP, dsSessionP, sourceP, rowIdP, sourceActionP, secondPassP, calling_fieldIdP, fieldsP = {}, debug_infoP, iterate_info, js_script_callback, jobNo, api_output_type) {
   const evalJson = (text) => eval(`(${text})`);
   const replaceQuotes = (str) => {
     for (const [key, val] of Object.entries(fields)) {
@@ -14907,64 +14907,6 @@ func.expression.parse_org = function (strP) {
   return res;
 };
 
-func.expression.parse_bad = function (strP) {
-  const nonLettersPatt = /\W/;
-  const validSymbolsNoArray = /[^.@\[]/;
-  const validSymbolsWithArray = /[^.@"'\[\]]/;
-
-  function extractStr(str, startPos = 0) {
-    const cleanSplit = (arr) => (arr?.length > 1 && arr[0] === '' && arr[1].includes('@') ? arr.slice(1) : arr);
-
-    const segments = cleanSplit(str.replace(/@/g, '^^@').split('^^'));
-    const result = [];
-
-    for (const val of segments || []) {
-      if (!val) continue;
-      const pos = str.indexOf(val) + startPos;
-
-      if (val.startsWith('@')) {
-        let tmpStr = '';
-        let wordStart = null;
-        let wordEnd = null;
-        let validSymbols = validSymbolsNoArray;
-
-        for (let i = 0; i < val.length; i++) {
-          const char = val[i];
-
-          if (char === '[') validSymbols = validSymbolsWithArray;
-          if (char === '.' && wordStart === null) wordStart = i;
-          else if (wordStart !== null && nonLettersPatt.test(char)) wordEnd = i;
-
-          if (wordStart !== null && wordEnd !== null) {
-            const word = val.slice(wordStart + 1, wordEnd);
-            tmpStr = tmpStr.slice(0, wordStart) + '^^' + tmpStr.slice(wordStart, wordEnd);
-            wordStart = char === '.' ? wordEnd : null;
-            wordEnd = null;
-          }
-
-          tmpStr += nonLettersPatt.test(char) && validSymbols.test(char) && !tmpStr.includes('^^') ? '^^' + char : char;
-        }
-
-        if (tmpStr.includes('^^')) {
-          result.push(...extractStr(tmpStr, pos));
-        } else {
-          const fieldIdMatch = val.match(/^@([^.\[]+)/);
-          result.push({
-            value: val,
-            fieldId: fieldIdMatch ? fieldIdMatch[1] : undefined,
-            pos,
-          });
-        }
-      } else {
-        result.push({ value: val, pos });
-      }
-    }
-    return result;
-  }
-
-  return extractStr(strP);
-};
-
 func.expression.parse = function (input) {
   if (typeof input !== 'string') return [];
 
@@ -14993,7 +14935,7 @@ func.expression.parse = function (input) {
   return segments;
 };
 
-func.expression.get_property = async function (valP) {
+func.expression.get_property_org = async function (valP) {
   async function secure_eval(val) {
     if (typeof IS_PROCESS_SERVER === 'undefined') {
       try {
@@ -15031,21 +14973,73 @@ func.expression.get_property = async function (valP) {
     property2: property2,
   };
 };
-func.expression.validate_constant = function (valP) {
+
+func.expression.get_property = async function (valP) {
+  if (typeof valP !== 'string') return { property1: undefined, property2: undefined };
+
+  const secureEval = async (expr) => {
+    if (typeof IS_PROCESS_SERVER === 'undefined') {
+      try {
+        return eval(expr);
+      } catch (err) {
+        console.error(err);
+        return undefined;
+      }
+    }
+    try {
+      const vm = new VM.VM({
+        sandbox: {
+          func,
+          SESSION_ID,
+          SESSION_OBJ: { [SESSION_ID]: SESSION_OBJ[SESSION_ID] },
+        },
+        timeout: 1000,
+        allowAsync: false,
+      });
+      return await vm.run(expr);
+    } catch {
+      return undefined; // Simplified error handling
+    }
+  };
+
+  let property1, property2;
+  const bracketStart = valP.indexOf('[');
+  const bracketEnd = valP.indexOf(']');
+
+  if (bracketStart > -1 && bracketEnd > bracketStart) {
+    const expr = valP.slice(bracketStart + 1, bracketEnd);
+    property1 = await secureEval(expr);
+  }
+
+  const dotIndex = valP.indexOf('.');
+  if (dotIndex > -1) {
+    property2 = valP.slice(dotIndex + 1);
+  }
+
+  return { property1, property2 };
+};
+
+func.expression.validate_constant_org = function (valP) {
   var patt = /["']/;
   if (typeof valP === 'string' && patt.test(valP.substr(0, 1)) && patt.test(valP.substr(0, valP.length - 1))) return true;
   else return false;
 };
-func.expression.validate_variables = function (valP) {
+func.expression.validate_variables_org = function (valP) {
   if (typeof valP === 'string' && valP.indexOf('@') > -1) return true;
   else return false;
 };
-func.expression.remove_quotes = function (valP) {
+func.expression.remove_quotes_org = function (valP) {
   if (func.expression.validate_constant(valP)) return valP.substr(1, valP.length - 2);
   else return valP;
 };
 
-func.expression.secure_eval = async function (SESSION_ID, sourceP, val, job_id, dsSessionP, js_script_callback, evt) {
+func.expression.validate_constant = (valP) => typeof valP === 'string' && /^["'].*["']$/.test(valP);
+
+func.expression.validate_variables = (valP) => typeof valP === 'string' && valP.includes('@');
+
+func.expression.remove_quotes = (valP) => (func.expression.validate_constant(valP) && typeof valP === 'string' ? valP.slice(1, -1) : valP);
+
+func.expression.secure_eval_org = async function (SESSION_ID, sourceP, val, job_id, dsSessionP, js_script_callback, evt) {
   const api_utils = await func.common.get_module(SESSION_ID, 'xuda-api-library.mjs', {
     func,
     glb,
@@ -15146,6 +15140,90 @@ func.expression.secure_eval = async function (SESSION_ID, sourceP, val, job_id,
     }
   }
 };
+
+func.expression.secure_eval = async function (SESSION_ID, sourceP, val, job_id, dsSessionP, js_script_callback, evt) {
+  if (typeof val !== 'string') return val;
+
+  const xu = await func.common.get_module(SESSION_ID, 'xuda-api-library.mjs', {
+    func,
+    glb,
+    SESSION_OBJ,
+    SESSION_ID,
+    APP_OBJ,
+    dsSession: dsSessionP,
+    job_id,
+  });
+
+  const isServer = typeof IS_PROCESS_SERVER !== 'undefined' || typeof IS_DOCKER !== 'undefined';
+
+  // Client-side execution
+  if (!isServer) {
+    try {
+      return eval(val);
+    } catch {
+      try {
+        return JSON5.parse(val);
+      } catch {
+        return val;
+      }
+    }
+  }
+
+  // Server-side execution
+  const sandbox = {
+    func,
+    xu,
+    SESSION_ID,
+    SESSION_OBJ: { [SESSION_ID]: SESSION_OBJ[SESSION_ID] },
+    callback: js_script_callback,
+    job_id,
+    ...(sourceP === 'javascript' ? { axios, got, FormData } : {}),
+  };
+
+  const handleError = (err) => {
+    console.error('Execution error:', err);
+    func.events.delete_job(SESSION_ID, job_id);
+    if (isServer && !SESSION_OBJ[SESSION_ID].crawler) {
+      if (sourceP === 'javascript') {
+        __.rpi.write_log(SESSION_OBJ[SESSION_ID].app_id, 'error', 'worker', 'vm error', err, null, val, 'func.expression.get.secure_eval');
+      } else {
+        __.db.add_error_log(SESSION_OBJ[SESSION_ID].app_id, 'api', err);
+      }
+    }
+    return val; // Fallback to original value
+  };
+
+  if (sourceP === 'javascript') {
+    process.on('uncaughtException', handleError);
+    try {
+      const dir = path.join(_conf.studio_drive_path, SESSION_OBJ[SESSION_ID].app_id, 'node_modules');
+      const script = new VM.VMScript(`try { ${val} } catch (e) { func.api.error(SESSION_ID, "nodejs error", e); console.error(e); func.events.delete_job(SESSION_ID, "${job_id}"); }`, { filename: dir, dirname: dir });
+      const vm = new VM.NodeVM({
+        require: { external: true },
+        sandbox,
+        timeout: 60000,
+      });
+      return await vm.run(script, { filename: dir, dirname: dir });
+    } catch (err) {
+      return handleError(err);
+    }
+  }
+
+  try {
+    const vm = new VM.VM({
+      sandbox,
+      timeout: 1000,
+      allowAsync: false,
+    });
+    return await vm.run(val);
+  } catch {
+    try {
+      return JSON5.parse(val);
+    } catch {
+      return val;
+    }
+  }
+};
  func.UI.main = {};
 
 func.UI.main.clear_SYNC_INTERVAL = function () {