befly 3.13.10 → 3.14.1

package/dist/befly.js

@@ -105,16 +105,20 @@ function upperFirst(s) {
   if (s.length === 0) {
     return s;
   }
-  return s[0].toUpperCase() + s.slice(1);
+  return s.charAt(0).toUpperCase() + s.slice(1);
 }
 function camelCase(input) {
   const parts = toWordParts(input);
   if (parts.length === 0) {
     return "";
   }
-  const first = parts[0].toLowerCase();
+  const firstPart = parts[0];
+  if (!firstPart) {
+    return "";
+  }
+  const first = firstPart.toLowerCase();
   const rest = parts.slice(1).map((p) => upperFirst(p.toLowerCase()));
-  return [first, ...rest].join("");
+  return [first].concat(rest).join("");
 }
 function normalizeToWords(input) {
   return String(input).replace(/([a-z0-9])([A-Z])/g, "$1 $2").replace(/[^a-zA-Z0-9]+/g, " ").trim();
@@ -235,7 +239,7 @@ function sanitizeErrorValue(err, options) {
     message: truncateString(err.message || "", options.maxStringLen)
   };
   if (typeof err.stack === "string") {
-    out.stack = truncateString(err.stack, options.maxStringLen);
+    out["stack"] = truncateString(err.stack, options.maxStringLen);
   }
   return out;
 }
@@ -323,8 +327,12 @@ function sanitizeAny(value, options, state, depth, visited) {
   const entries = Object.entries(obj);
   const limit = entries.length > options.sanitizeObjectKeys ? options.sanitizeObjectKeys : entries.length;
   for (let i = 0;i < limit; i++) {
-    const key = entries[i][0];
-    const child = entries[i][1];
+    const entry = entries[i];
+    if (!entry) {
+      continue;
+    }
+    const key = entry[0];
+    const child = entry[1];
     if (isSensitiveKey(key, options.sensitiveKeyMatcher)) {
       out[key] = "[MASKED]";
       continue;
@@ -365,10 +373,10 @@ function setCtxUser(userId, roleCode, nickname, roleType) {
   const store = storage.getStore();
   if (!store)
     return;
-  store.userId = userId;
-  store.roleCode = roleCode;
-  store.nickname = nickname;
-  store.roleType = roleType;
+  store.userId = userId === undefined ? null : userId;
+  store.roleCode = roleCode === undefined ? null : roleCode;
+  store.nickname = nickname === undefined ? null : nickname;
+  store.roleType = roleType === undefined ? null : roleType;
 }
 var storage;
 var init_asyncContext = __esm(() => {
@@ -798,8 +806,8 @@ function buildLogLine(level, record) {
     return `${safeJsonStringify(out)}
 `;
   }
-  if (base.msg === undefined) {
-    base.msg = "";
+  if (base["msg"] === undefined) {
+    base["msg"] = "";
   }
   return `${safeJsonStringify(base)}
 `;
@@ -809,7 +817,7 @@ function safeJsonStringify(obj) {
     return JSON.stringify(obj);
   } catch {
     try {
-      return JSON.stringify({ level: obj.level, time: obj.time, pid: obj.pid, hostname: obj.hostname, msg: "[Unserializable log record]" });
+      return JSON.stringify({ level: obj["level"], time: obj["time"], pid: obj["pid"], hostname: obj["hostname"], msg: "[Unserializable log record]" });
     } catch {
       return '{"msg":"[Unserializable log record]"}';
     }
@@ -855,10 +863,10 @@ function metaToObject() {
     now: meta.now,
     durationSinceNowMs
   };
-  obj.userId = meta.userId;
-  obj.roleCode = meta.roleCode;
-  obj.nickname = meta.nickname;
-  obj.roleType = meta.roleType;
+  obj["userId"] = meta.userId;
+  obj["roleCode"] = meta.roleCode;
+  obj["nickname"] = meta.nickname;
+  obj["roleType"] = meta.roleType;
   return obj;
 }
 function mergeMetaIntoObject(input, meta) {
@@ -1309,7 +1317,7 @@ async function scanViewsDirToMenuConfigs(viewsDir, prefix, parentPath = "") {
   return menus;
 }
 function getParentPath(path) {
-  const parts = path.split("/").filter((p) => !!p);
+  const parts = path.split("/").filter((p) => Boolean(p));
   if (parts.length <= 1) {
     return "";
   }
@@ -7590,25 +7598,25 @@ async function checkApi(apis) {
         hasError = true;
         continue;
       }
-      if (typeof api?.routePath !== "string" || api.routePath.trim() === "") {
-        Logger.warn(Object.assign({}, omit(api, ["handler"]), { msg: "\u63A5\u53E3\u7684 routePath \u5C5E\u6027\u5FC5\u987B\u662F\u975E\u7A7A\u5B57\u7B26\u4E32\uFF08\u7531\u7CFB\u7EDF\u751F\u6210\uFF09" }));
+      if (typeof api?.path !== "string" || api.path.trim() === "") {
+        Logger.warn(Object.assign({}, omit(api, ["handler"]), { msg: "\u63A5\u53E3\u7684 path \u5C5E\u6027\u5FC5\u987B\u662F\u975E\u7A7A\u5B57\u7B26\u4E32\uFF08\u7531\u7CFB\u7EDF\u751F\u6210\uFF09" }));
         hasError = true;
       } else {
-        const routePath = api.routePath.trim();
-        if (/^(GET|POST|PUT|PATCH|DELETE|OPTIONS|HEAD)\b/i.test(routePath)) {
-          Logger.warn(Object.assign({}, omit(api, ["handler"]), { msg: "\u63A5\u53E3\u7684 routePath \u4E0D\u5141\u8BB8\u5305\u542B method \u524D\u7F00\uFF0C\u5E94\u4E3A url.pathname\uFF08\u4F8B\u5982 /api/app/xxx\uFF09" }));
+        const path = api.path.trim();
+        if (/^(GET|POST|PUT|PATCH|DELETE|OPTIONS|HEAD)\b/i.test(path)) {
+          Logger.warn(Object.assign({}, omit(api, ["handler"]), { msg: "\u63A5\u53E3\u7684 path \u4E0D\u5141\u8BB8\u5305\u542B method \u524D\u7F00\uFF0C\u5E94\u4E3A url.pathname\uFF08\u4F8B\u5982 /api/app/xxx\uFF09" }));
           hasError = true;
         }
-        if (!routePath.startsWith("/api/")) {
-          Logger.warn(Object.assign({}, omit(api, ["handler"]), { msg: "\u63A5\u53E3\u7684 routePath \u5FC5\u987B\u4EE5 /api/ \u5F00\u5934" }));
+        if (!path.startsWith("/api/")) {
+          Logger.warn(Object.assign({}, omit(api, ["handler"]), { msg: "\u63A5\u53E3\u7684 path \u5FC5\u987B\u4EE5 /api/ \u5F00\u5934" }));
           hasError = true;
         }
-        if (routePath.includes(" ")) {
-          Logger.warn(Object.assign({}, omit(api, ["handler"]), { msg: "\u63A5\u53E3\u7684 routePath \u4E0D\u5141\u8BB8\u5305\u542B\u7A7A\u683C" }));
+        if (path.includes(" ")) {
+          Logger.warn(Object.assign({}, omit(api, ["handler"]), { msg: "\u63A5\u53E3\u7684 path \u4E0D\u5141\u8BB8\u5305\u542B\u7A7A\u683C" }));
           hasError = true;
         }
-        if (routePath.includes("/api//")) {
-          Logger.warn(Object.assign({}, omit(api, ["handler"]), { msg: "\u63A5\u53E3\u7684 routePath \u4E0D\u5141\u8BB8\u51FA\u73B0 /api//\uFF08\u91CD\u590D\u659C\u6760\uFF09" }));
+        if (path.includes("/api//")) {
+          Logger.warn(Object.assign({}, omit(api, ["handler"]), { msg: "\u63A5\u53E3\u7684 path \u4E0D\u5141\u8BB8\u51FA\u73B0 /api//\uFF08\u91CD\u590D\u659C\u6760\uFF09" }));
           hasError = true;
         }
       }
@@ -8320,7 +8328,7 @@ var presetFields = {
 };
 
 // utils/processAtSymbol.ts
-function processAtSymbol(fields, apiName, routePath) {
+function processAtSymbol(fields, apiName, path) {
   if (!fields || typeof fields !== "object")
     return fields;
   const processed = {};
@@ -8331,7 +8339,7 @@ function processAtSymbol(fields, apiName, routePath) {
         continue;
       }
       const validKeys = Object.keys(presetFields).join(", ");
-      throw new Error(`API [${apiName}] (${routePath}) \u5B57\u6BB5 [${key}] \u5F15\u7528\u4E86\u672A\u5B9A\u4E49\u7684\u9884\u8BBE\u5B57\u6BB5 "${value}"\u3002\u53EF\u7528\u7684\u9884\u8BBE\u5B57\u6BB5\u6709: ${validKeys}`);
+      throw new Error(`API [${apiName}] (${path}) \u5B57\u6BB5 [${key}] \u5F15\u7528\u4E86\u672A\u5B9A\u4E49\u7684\u9884\u8BBE\u5B57\u6BB5 "${value}"\u3002\u53EF\u7528\u7684\u9884\u8BBE\u5B57\u6BB5\u6709: ${validKeys}`);
     }
     processed[key] = value;
   }
@@ -8342,14 +8350,13 @@ function processAtSymbol(fields, apiName, routePath) {
 async function loadApis(apis) {
   const apisMap = new Map;
   for (const api of apis) {
-    const apiType = api.type;
-    if (apiType && apiType !== "api") {
+    if (api.type !== "api") {
       continue;
     }
     try {
       const apiRoute = api;
-      apiRoute.fields = processAtSymbol(apiRoute.fields || {}, apiRoute.name, apiRoute.routePath);
-      apisMap.set(apiRoute.routePath, apiRoute);
+      apiRoute.fields = processAtSymbol(apiRoute.fields || {}, apiRoute.name, apiRoute.path);
+      apisMap.set(apiRoute.path, apiRoute);
     } catch (error) {
       Logger.error({ err: error, api: api.relativePath, file: api.filePath, msg: "\u63A5\u53E3\u52A0\u8F7D\u5931\u8D25" });
       throw error;
@@ -8469,7 +8476,7 @@ async function loadHooks(hooks) {
     hooksMap.push({
       name: hookName,
       enable: true,
-      deps: hook.deps,
+      deps: Array.isArray(hook.deps) ? hook.deps : [],
       handler: hook.handler
     });
   }
@@ -8503,7 +8510,7 @@ async function loadPlugins(plugins, context) {
       pluginsMap.push({
         name: pluginName,
         enable: true,
-        deps: plugin.deps,
+        deps: Array.isArray(plugin.deps) ? plugin.deps : [],
         handler: plugin.handler
       });
     } catch (error) {
@@ -8642,11 +8649,12 @@ function apiHandler(apis, hooks, context) {
       requestId,
       corsHeaders: {
         "X-Request-ID": requestId
-      },
-      api: apis.get(apiPath),
-      response: undefined,
-      result: undefined
+      }
     };
+    const api = apis.get(apiPath);
+    if (api) {
+      ctx.api = api;
+    }
     return withCtx({
       requestId,
       method: req.method,
@@ -8667,9 +8675,9 @@ function apiHandler(apis, hooks, context) {
             apiName: ctx.api.name
           };
           if (ctx.body && Object.keys(ctx.body).length > 0) {
-            logData.body = ctx.body;
+            logData["body"] = ctx.body;
           }
-          logData.msg = "request";
+          logData["msg"] = "request";
           Logger.info(logData);
         }
         if (!ctx.api) {
@@ -8783,6 +8791,15 @@ function staticHandler(corsConfig = undefined) {
 // sync/syncApi.ts
 init_logger();
 init_util();
+var getApiParentPath = (apiPath) => {
+  const segments = apiPath.split("/").map((s) => s.trim()).filter((s) => s.length > 0);
+  const seg2 = segments[1] || "";
+  const take = seg2 === "addon" ? 4 : 3;
+  const parentSegments = segments.slice(0, Math.min(take, segments.length));
+  if (parentSegments.length === 0)
+    return "";
+  return `/${parentSegments.join("/")}`;
+};
 async function syncApi(ctx, apis) {
   const tableName = "addon_admin_api";
   if (!ctx.db) {
@@ -8797,55 +8814,61 @@ async function syncApi(ctx, apis) {
   }
   const allDbApis = await ctx.db.getAll({
     table: tableName,
-    fields: ["id", "routePath", "name", "addonName", "auth", "state"],
+    fields: ["id", "path", "parentPath", "name", "addonName", "auth", "state"],
     where: { state$gte: 0 }
   });
   const dbLists = allDbApis.data.lists || [];
-  const allDbApiMap = keyBy(dbLists, (item) => item.routePath);
+  const allDbApiMap = keyBy(dbLists, (item) => item.path);
   const insData = [];
   const updData = [];
   const delData = [];
   const apiRouteKeys = new Set;
   for (const api of apis) {
-    const apiType = api.type;
-    if (apiType && apiType !== "api") {
+    if (api.type !== "api") {
       continue;
     }
-    const normalizedAuth = api.auth === 0 || api.auth === false ? 0 : 1;
-    const normalizedApi = {
-      name: api.name,
-      routePath: api.routePath,
-      addonName: api.addonName,
-      auth: normalizedAuth
-    };
-    const routePath = normalizedApi.routePath;
-    apiRouteKeys.add(routePath);
-    const item = allDbApiMap[routePath];
+    const auth = api.auth === false || api.auth === 0 ? 0 : 1;
+    const parentPath = getApiParentPath(api.path);
+    apiRouteKeys.add(api.path);
+    const item = allDbApiMap[api.path];
     if (item) {
-      const dbAuth = item.auth === 0 || item.auth === false ? 0 : 1;
-      const shouldUpdate = normalizedApi.name !== item.name || normalizedApi.routePath !== item.routePath || normalizedApi.addonName !== item.addonName || normalizedAuth !== dbAuth;
+      const shouldUpdate = api.name !== item.name || api.path !== item.path || api.addonName !== item.addonName || parentPath !== item.parentPath || auth !== item.auth;
       if (shouldUpdate) {
-        updData.push({ id: item.id, api: normalizedApi });
+        updData.push({
+          id: item.id,
+          name: api.name,
+          path: api.path,
+          parentPath,
+          addonName: api.addonName,
+          auth
+        });
       }
     } else {
-      insData.push(normalizedApi);
+      insData.push({
+        name: api.name,
+        path: api.path,
+        parentPath,
+        addonName: api.addonName,
+        auth
+      });
     }
   }
   for (const record of dbLists) {
-    if (!apiRouteKeys.has(record.routePath)) {
+    if (!apiRouteKeys.has(record.path)) {
       delData.push(record.id);
     }
   }
   if (updData.length > 0) {
     try {
-      await ctx.db.updBatch(tableName, updData.map((item) => {
+      await ctx.db.updBatch(tableName, updData.map((api) => {
         return {
-          id: item.id,
+          id: api.id,
           data: {
-            name: item.api.name,
-            routePath: item.api.routePath,
-            addonName: item.api.addonName,
-            auth: item.api.auth === 0 || item.api.auth === false ? 0 : 1
+            name: api.name,
+            path: api.path,
+            parentPath: api.parentPath,
+            addonName: api.addonName,
+            auth: api.auth
           }
         };
       }));
@@ -8858,9 +8881,10 @@ async function syncApi(ctx, apis) {
       await ctx.db.insBatch(tableName, insData.map((api) => {
         return {
           name: api.name,
-          routePath: api.routePath,
+          path: api.path,
+          parentPath: api.parentPath,
           addonName: api.addonName,
-          auth: api.auth === 0 || api.auth === false ? 0 : 1
+          auth: api.auth
         };
       }));
     } catch (error) {
@@ -9000,7 +9024,6 @@ async function syncDev(ctx, config2 = {}) {
   if (!config2.devPassword) {
     return;
   }
-  const devEmail = typeof config2.devEmail === "string" && config2.devEmail.length > 0 ? config2.devEmail : "dev@qq.com";
   if (!ctx.db) {
     throw new Error("syncDev: ctx.db \u672A\u521D\u59CB\u5316\uFF08Db \u63D2\u4EF6\u672A\u52A0\u8F7D\u6216\u6CE8\u5165\u5931\u8D25\uFF09");
   }
@@ -9019,140 +9042,130 @@ async function syncDev(ctx, config2 = {}) {
     Logger.debug(`addon_admin_menu \u8868\u4E0D\u5B58\u5728`);
     return;
   }
+  if (!(await ctx.db.tableExists("addon_admin_api")).data) {
+    Logger.debug(`addon_admin_api \u8868\u4E0D\u5B58\u5728`);
+    return;
+  }
   const allMenus = await ctx.db.getAll({
     table: "addon_admin_menu",
     fields: ["path"],
     where: { state$gte: 0 },
     orderBy: ["id#ASC"]
   });
-  const menuPaths = Array.from(new Set((allMenus.data.lists || []).map((m) => typeof m?.path === "string" ? m.path.trim() : "").filter((p) => p.length > 0)));
-  const existApi = await ctx.db.tableExists("addon_admin_api");
-  let apiPaths = [];
-  if (existApi.data) {
-    const allApis = await ctx.db.getAll({
-      table: "addon_admin_api",
-      fields: ["routePath"],
-      where: { state$gte: 0 },
-      orderBy: ["id#ASC"]
-    });
-    apiPaths = Array.from(new Set((allApis.data.lists || []).map((a) => {
-      if (typeof a?.routePath !== "string") {
-        throw new Error("syncDev: addon_admin_api.routePath \u5FC5\u987B\u662F\u5B57\u7B26\u4E32");
-      }
-      const routePath = a.routePath.trim();
-      if (routePath.length === 0) {
-        throw new Error("syncDev: addon_admin_api.routePath \u4E0D\u5141\u8BB8\u4E3A\u7A7A\u5B57\u7B26\u4E32");
+  const allApis = await ctx.db.getAll({
+    table: "addon_admin_api",
+    fields: ["path"],
+    where: { state$gte: 0 },
+    orderBy: ["id#ASC"]
+  });
+  const devRole = await ctx.db.getOne({
+    table: "addon_admin_role",
+    where: { code: "dev" }
+  });
+  const devRoleData = {
+    code: "dev",
+    name: "\u5F00\u53D1\u8005\u89D2\u8272",
+    description: "\u62E5\u6709\u6240\u6709\u83DC\u5355\u548C\u63A5\u53E3\u6743\u9650\u7684\u5F00\u53D1\u8005\u89D2\u8272",
+    menus: allMenus.data.lists.map((item) => item.path).filter((v) => v),
+    apis: allApis.data.lists.map((item) => item.path).filter((v) => v),
+    sort: 0
+  };
+  if (devRole.data) {
+    await ctx.db.updData({
+      table: "addon_admin_role",
+      where: { code: "dev" },
+      data: {
+        name: devRoleData.name,
+        description: devRoleData.description,
+        menus: devRoleData.menus,
+        apis: devRoleData.apis,
+        sort: devRoleData.sort
       }
-      if (!routePath.startsWith("/")) {
-        throw new Error(`syncDev: addon_admin_api.routePath \u5FC5\u987B\u662F pathname\uFF08\u4EE5 / \u5F00\u5934\uFF09\uFF0C\u5F53\u524D\u503C=${routePath}`);
+    });
+  } else {
+    await ctx.db.insData({
+      table: "addon_admin_role",
+      data: devRoleData
+    });
+  }
+  const devAdminData = {
+    nickname: "\u5F00\u53D1\u8005",
+    email: config2.devEmail || "dev@qq.com",
+    username: "dev",
+    password: await Cipher.hashPassword(Cipher.sha256(config2.devPassword + "befly")),
+    roleCode: "dev",
+    roleType: "admin"
+  };
+  const devAdmin = await ctx.db.getOne({
+    table: "addon_admin_admin",
+    where: { username: "dev" }
+  });
+  if (devAdmin.data) {
+    await ctx.db.updData({
+      table: "addon_admin_admin",
+      where: { username: "dev" },
+      data: {
+        nickname: devAdminData.nickname,
+        email: devAdminData.email,
+        username: devAdminData.username,
+        password: devAdminData.password,
+        roleCode: devAdminData.roleCode,
+        roleType: devAdminData.roleType
       }
-      return routePath;
-    })));
+    });
+  } else {
+    await ctx.db.insData({
+      table: "addon_admin_admin",
+      data: devAdminData
+    });
   }
   const roles = [
-    {
-      code: "dev",
-      name: "\u5F00\u53D1\u8005\u89D2\u8272",
-      description: "\u62E5\u6709\u6240\u6709\u83DC\u5355\u548C\u63A5\u53E3\u6743\u9650\u7684\u5F00\u53D1\u8005\u89D2\u8272",
-      menus: menuPaths,
-      apis: apiPaths,
-      sort: 0
-    },
     {
       code: "user",
       name: "\u7528\u6237\u89D2\u8272",
       description: "\u666E\u901A\u7528\u6237\u89D2\u8272",
-      menus: [],
-      apis: [],
       sort: 1
     },
     {
       code: "admin",
       name: "\u7BA1\u7406\u5458\u89D2\u8272",
       description: "\u7BA1\u7406\u5458\u89D2\u8272",
-      menus: [],
-      apis: [],
       sort: 2
     },
     {
       code: "guest",
       name: "\u8BBF\u5BA2\u89D2\u8272",
       description: "\u8BBF\u5BA2\u89D2\u8272",
-      menus: [],
-      apis: [],
       sort: 3
     }
   ];
-  let devRole = null;
   for (const roleConfig of roles) {
     const existingRole = await ctx.db.getOne({
       table: "addon_admin_role",
       where: { code: roleConfig.code }
     });
-    if (existingRole.data) {
-      const nextMenus = roleConfig.menus;
-      const nextApis = roleConfig.apis;
-      const existingMenus = Array.isArray(existingRole.data.menus) ? existingRole.data.menus : [];
-      const existingApis = Array.isArray(existingRole.data.apis) ? existingRole.data.apis : [];
-      const menusChanged = existingMenus.length !== nextMenus.length || existingMenus.some((v, i) => v !== nextMenus[i]);
-      const apisChanged = existingApis.length !== nextApis.length || existingApis.some((v, i) => v !== nextApis[i]);
-      const hasChanges = existingRole.data.name !== roleConfig.name || existingRole.data.description !== roleConfig.description || menusChanged || apisChanged || existingRole.data.sort !== roleConfig.sort;
-      if (hasChanges) {
-        await ctx.db.updData({
-          table: "addon_admin_role",
-          where: { code: roleConfig.code },
-          data: {
-            name: roleConfig.name,
-            description: roleConfig.description,
-            menus: roleConfig.menus,
-            apis: roleConfig.apis,
-            sort: roleConfig.sort
-          }
-        });
-      }
-      if (roleConfig.code === "dev") {
-        devRole = existingRole.data;
-      }
+    if (existingRole.data?.id) {
+      await ctx.db.updData({
+        table: "addon_admin_role",
+        where: { code: roleConfig.code },
+        data: {
+          name: roleConfig.name,
+          description: roleConfig.description,
+          sort: roleConfig.sort
+        }
+      });
     } else {
-      const roleId = await ctx.db.insData({
+      await ctx.db.insData({
         table: "addon_admin_role",
-        data: roleConfig
+        data: {
+          code: roleConfig.code,
+          name: roleConfig.name,
+          description: roleConfig.description,
+          sort: roleConfig.sort
+        }
       });
-      if (roleConfig.code === "dev") {
-        devRole = { id: roleId.data };
-      }
     }
   }
-  if (!devRole) {
-    Logger.error("dev \u89D2\u8272\u4E0D\u5B58\u5728\uFF0C\u65E0\u6CD5\u521B\u5EFA\u5F00\u53D1\u8005\u8D26\u53F7");
-    return;
-  }
-  const sha256Hashed = Cipher.sha256(config2.devPassword + "befly");
-  const hashed = await Cipher.hashPassword(sha256Hashed);
-  const devData = {
-    nickname: "\u5F00\u53D1\u8005",
-    email: devEmail,
-    username: "dev",
-    password: hashed,
-    roleCode: "dev",
-    roleType: "admin"
-  };
-  const existing = await ctx.db.getOne({
-    table: "addon_admin_admin",
-    where: { email: devEmail }
-  });
-  if (existing.data) {
-    await ctx.db.updData({
-      table: "addon_admin_admin",
-      where: { email: devEmail },
-      data: devData
-    });
-  } else {
-    await ctx.db.insData({
-      table: "addon_admin_admin",
-      data: devData
-    });
-  }
 }
 
 // sync/syncMenu.ts
@@ -10081,8 +10094,14 @@ async function getTableColumnsRuntime(runtime, tableName) {
         let max = null;
         const m = /^(\w+)\s*\((\d+)\)/.exec(baseType);
         if (m) {
-          baseType = m[1];
-          max = Number(m[2]);
+          const base = m[1];
+          const maxText = m[2];
+          if (typeof base === "string") {
+            baseType = base;
+          }
+          if (typeof maxText === "string") {
+            max = Number(maxText);
+          }
         }
         columns[row.name] = {
           type: baseType.toLowerCase(),
@@ -10111,9 +10130,13 @@ async function getTableIndexesRuntime(runtime, tableName) {
       const q = getSyncTableIndexesQuery({ dialect: "mysql", table: tableName, dbName: runtime.dbName });
       const result = await runtime.db.unsafe(q.sql, q.params);
       for (const row of result.data) {
-        if (!indexes[row.INDEX_NAME])
-          indexes[row.INDEX_NAME] = [];
-        indexes[row.INDEX_NAME].push(row.COLUMN_NAME);
+        const indexName = row.INDEX_NAME;
+        const current = indexes[indexName];
+        if (Array.isArray(current)) {
+          current.push(row.COLUMN_NAME);
+        } else {
+          indexes[indexName] = [row.COLUMN_NAME];
+        }
       }
     } else if (runtime.dbDialect === "postgresql") {
       const q = getSyncTableIndexesQuery({ dialect: "postgresql", table: tableName, dbName: runtime.dbName });
@@ -10121,7 +10144,8 @@ async function getTableIndexesRuntime(runtime, tableName) {
       for (const row of result.data) {
         const m = /\(([^)]+)\)/.exec(row.indexdef);
         if (m) {
-          const col = m[1].replace(/"/g, "").trim();
+          const colPart = m[1];
+          const col = typeof colPart === "string" ? colPart.replace(/"/g, "").trim() : "";
           indexes[row.indexname] = [col];
         }
       }
@@ -10154,7 +10178,8 @@ async function ensureDbVersion(dbDialect, db) {
       throw new Error("\u65E0\u6CD5\u83B7\u53D6 MySQL \u7248\u672C\u4FE1\u606F");
     }
     const version = r.data[0].version;
-    const majorVersion = parseInt(String(version).split(".")[0], 10);
+    const majorPart = String(version).split(".")[0] || "0";
+    const majorVersion = parseInt(majorPart, 10);
     if (!Number.isFinite(majorVersion) || majorVersion < DB_VERSION_REQUIREMENTS.MYSQL_MIN_MAJOR) {
       throw new Error(`\u6B64\u811A\u672C\u4EC5\u652F\u6301 MySQL ${DB_VERSION_REQUIREMENTS.MYSQL_MIN_MAJOR}.0+\uFF0C\u5F53\u524D\u7248\u672C: ${version}`);
     }
@@ -10167,7 +10192,8 @@ async function ensureDbVersion(dbDialect, db) {
     }
     const versionText = r.data[0].version;
     const m = /PostgreSQL\s+(\d+)/i.exec(versionText);
-    const major = m ? parseInt(m[1], 10) : NaN;
+    const majorText = m ? m[1] : undefined;
+    const major = typeof majorText === "string" ? parseInt(majorText, 10) : NaN;
     if (!Number.isFinite(major) || major < DB_VERSION_REQUIREMENTS.POSTGRES_MIN_MAJOR) {
       throw new Error(`\u6B64\u811A\u672C\u8981\u6C42 PostgreSQL >= ${DB_VERSION_REQUIREMENTS.POSTGRES_MIN_MAJOR}\uFF0C\u5F53\u524D: ${versionText}`);
     }
@@ -10179,7 +10205,10 @@ async function ensureDbVersion(dbDialect, db) {
       throw new Error("\u65E0\u6CD5\u83B7\u53D6 SQLite \u7248\u672C\u4FE1\u606F");
     }
     const version = r.data[0].version;
-    const [maj, min, patch] = String(version).split(".").map((v) => parseInt(v, 10) || 0);
+    const parts = String(version).split(".").map((v) => parseInt(v, 10) || 0);
+    const maj = parts[0] ?? 0;
+    const min = parts[1] ?? 0;
+    const patch = parts[2] ?? 0;
     const vnum = maj * 1e4 + min * 100 + patch;
     if (!Number.isFinite(vnum) || vnum < DB_VERSION_REQUIREMENTS.SQLITE_MIN_VERSION_NUM) {
       throw new Error(`\u6B64\u811A\u672C\u8981\u6C42 SQLite >= ${DB_VERSION_REQUIREMENTS.SQLITE_MIN_VERSION}\uFF0C\u5F53\u524D: ${version}`);
@@ -10209,7 +10238,11 @@ function compareFieldDefinition(dbDialect, existingColumn, fieldDef) {
     }
   }
   const typeMapping = getTypeMapping(dbDialect);
-  const expectedType = typeMapping[fieldDef.type].toLowerCase();
+  const mapped = typeMapping[fieldDef.type];
+  if (typeof mapped !== "string") {
+    throw new Error(`\u672A\u77E5\u5B57\u6BB5\u7C7B\u578B\u6620\u5C04\uFF1Adialect=${dbDialect} type=${String(fieldDef.type)}`);
+  }
+  const expectedType = mapped.toLowerCase();
   const currentType = existingColumn.type.toLowerCase();
   if (currentType !== expectedType) {
     changes.push({
@@ -10519,8 +10552,8 @@ var calcPerfTime = (startTime, endTime = Bun.nanoseconds()) => {
 // utils/processInfo.ts
 function getProcessRole(env) {
   const runtimeEnv = env || {};
-  const bunWorkerId = runtimeEnv.BUN_WORKER_ID;
-  const pm2InstanceId = runtimeEnv.PM2_INSTANCE_ID;
+  const bunWorkerId = runtimeEnv["BUN_WORKER_ID"];
+  const pm2InstanceId = runtimeEnv["PM2_INSTANCE_ID"];
   if (bunWorkerId !== undefined) {
     return {
       role: bunWorkerId === "" ? "primary" : "worker",
@@ -12307,7 +12340,7 @@ class Validator {
     return {
       code: failed ? 1 : 0,
       failed,
-      firstError: failed ? errors[0] : null,
+      firstError: failed ? errors[0] ?? null : null,
       errors,
       errorFields,
       fieldErrors
@@ -12821,18 +12854,44 @@ class DbUtils {
       throw new Error("tableRef \u4E0D\u80FD\u4E3A\u7A7A");
     }
     const parts = trimmed.split(/\s+/).filter((p) => p.length > 0);
+    if (parts.length === 0) {
+      throw new Error("tableRef \u4E0D\u80FD\u4E3A\u7A7A");
+    }
     if (parts.length > 2) {
       throw new Error(`\u4E0D\u652F\u6301\u7684\u8868\u5F15\u7528\u683C\u5F0F\uFF08\u5305\u542B\u8FC7\u591A\u7247\u6BB5\uFF09\u3002\u8BF7\u4F7F\u7528\u6700\u7B80\u5F62\u5F0F\uFF1Atable \u6216 table alias \u6216 schema.table \u6216 schema.table alias (tableRef: ${trimmed})`);
     }
     const namePart = parts[0];
-    const aliasPart = parts.length === 2 ? parts[1] : null;
+    if (typeof namePart !== "string" || namePart.trim() === "") {
+      throw new Error(`tableRef \u89E3\u6790\u5931\u8D25\uFF1A\u7F3A\u5C11\u8868\u540D (tableRef: ${trimmed})`);
+    }
+    let aliasPart = null;
+    if (parts.length === 2) {
+      const alias = parts[1];
+      if (typeof alias !== "string" || alias.trim() === "") {
+        throw new Error(`tableRef \u89E3\u6790\u5931\u8D25\uFF1A\u7F3A\u5C11 alias (tableRef: ${trimmed})`);
+      }
+      aliasPart = alias;
+    }
     const nameSegments = namePart.split(".");
     if (nameSegments.length > 2) {
       throw new Error(`\u4E0D\u652F\u6301\u7684\u8868\u5F15\u7528\u683C\u5F0F\uFF08schema \u5C42\u7EA7\u8FC7\u6DF1\uFF09 (tableRef: ${trimmed})`);
     }
-    const schema = nameSegments.length === 2 ? nameSegments[0] : null;
-    const table = nameSegments.length === 2 ? nameSegments[1] : nameSegments[0];
-    return { schema, table, alias: aliasPart };
+    if (nameSegments.length === 2) {
+      const schema = nameSegments[0];
+      const table2 = nameSegments[1];
+      if (typeof schema !== "string" || schema.trim() === "") {
+        throw new Error(`tableRef \u89E3\u6790\u5931\u8D25\uFF1Aschema \u4E3A\u7A7A (tableRef: ${trimmed})`);
+      }
+      if (typeof table2 !== "string" || table2.trim() === "") {
+        throw new Error(`tableRef \u89E3\u6790\u5931\u8D25\uFF1Atable \u4E3A\u7A7A (tableRef: ${trimmed})`);
+      }
+      return { schema, table: table2, alias: aliasPart };
+    }
+    const table = nameSegments[0];
+    if (typeof table !== "string" || table.trim() === "") {
+      throw new Error(`tableRef \u89E3\u6790\u5931\u8D25\uFF1Atable \u4E3A\u7A7A (tableRef: ${trimmed})`);
+    }
+    return { schema: null, table, alias: aliasPart };
   }
   static normalizeTableRef(tableRef) {
     const parsed = DbUtils.parseTableRef(tableRef);
@@ -12910,7 +12969,15 @@ class DbUtils {
       if (typeof item !== "string" || !item.includes("#")) {
         return item;
       }
-      const [field, direction] = item.split("#");
+      const parts = item.split("#");
+      if (parts.length !== 2) {
+        return item;
+      }
+      const field = parts[0];
+      const direction = parts[1];
+      if (typeof field !== "string" || typeof direction !== "string") {
+        return item;
+      }
       return `${snakeCase(field.trim())}#${direction.trim()}`;
     });
   }
@@ -12920,14 +12987,26 @@ class DbUtils {
     }
     if (field.toUpperCase().includes(" AS ")) {
       const parts = field.split(/\s+AS\s+/i);
-      const fieldPart = parts[0].trim();
-      const aliasPart = parts[1].trim();
-      return `${DbUtils.processJoinField(fieldPart)} AS ${aliasPart}`;
+      const fieldPart = parts[0];
+      const aliasPart = parts[1];
+      if (typeof fieldPart !== "string" || typeof aliasPart !== "string") {
+        return field;
+      }
+      return `${DbUtils.processJoinField(fieldPart.trim())} AS ${aliasPart.trim()}`;
     }
     if (field.includes(".")) {
       const parts = field.split(".");
-      const tableName = parts[0];
-      const fieldName = parts[1];
+      if (parts.length < 2) {
+        return snakeCase(field);
+      }
+      if (parts.some((p) => p.trim() === "")) {
+        return field;
+      }
+      const fieldName = parts[parts.length - 1];
+      const tableName = parts.slice(0, parts.length - 1).join(".");
+      if (typeof fieldName !== "string" || typeof tableName !== "string") {
+        return snakeCase(field);
+      }
       return `${tableName.trim()}.${snakeCase(fieldName)}`;
     }
     return snakeCase(field);
@@ -12942,16 +13021,34 @@ class DbUtils {
       const operator = key.substring(lastDollarIndex);
       if (fieldPart.includes(".")) {
         const parts = fieldPart.split(".");
-        const tableName = parts[0];
-        const fieldName = parts[1];
+        if (parts.length < 2) {
+          return `${snakeCase(fieldPart)}${operator}`;
+        }
+        if (parts.some((p) => p.trim() === "")) {
+          return `${snakeCase(fieldPart)}${operator}`;
+        }
+        const fieldName = parts[parts.length - 1];
+        const tableName = parts.slice(0, parts.length - 1).join(".");
+        if (typeof fieldName !== "string" || typeof tableName !== "string") {
+          return `${snakeCase(fieldPart)}${operator}`;
+        }
         return `${tableName.trim()}.${snakeCase(fieldName)}${operator}`;
       }
       return `${snakeCase(fieldPart)}${operator}`;
     }
     if (key.includes(".")) {
       const parts = key.split(".");
-      const tableName = parts[0];
-      const fieldName = parts[1];
+      if (parts.length < 2) {
+        return snakeCase(key);
+      }
+      if (parts.some((p) => p.trim() === "")) {
+        return snakeCase(key);
+      }
+      const fieldName = parts[parts.length - 1];
+      const tableName = parts.slice(0, parts.length - 1).join(".");
+      if (typeof fieldName !== "string" || typeof tableName !== "string") {
+        return snakeCase(key);
+      }
       return `${tableName.trim()}.${snakeCase(fieldName)}`;
     }
     return snakeCase(key);
@@ -12984,7 +13081,15 @@ class DbUtils {
       if (typeof item !== "string" || !item.includes("#")) {
         return item;
       }
-      const [field, direction] = item.split("#");
+      const parts = item.split("#");
+      if (parts.length !== 2) {
+        return item;
+      }
+      const field = parts[0];
+      const direction = parts[1];
+      if (typeof field !== "string" || typeof direction !== "string") {
+        return item;
+      }
       return `${DbUtils.processJoinField(field.trim())}#${direction.trim()}`;
     });
   }
@@ -13105,10 +13210,10 @@ class DbUtils {
     for (const [key, value] of Object.entries(userData)) {
       result[key] = value;
     }
-    result.id = options.id;
-    result.created_at = options.now;
-    result.updated_at = options.now;
-    result.state = 1;
+    result["id"] = options.id;
+    result["created_at"] = options.now;
+    result["updated_at"] = options.now;
+    result["state"] = 1;
     return result;
   }
   static buildUpdateRow(options) {
@@ -13118,7 +13223,7 @@ class DbUtils {
     for (const [key, value] of Object.entries(userData)) {
       result[key] = value;
     }
-    result.updated_at = options.now;
+    result["updated_at"] = options.now;
     return result;
   }
   static buildPartialUpdateData(options) {
@@ -13242,6 +13347,7 @@ var SqlBuilderError = {
   QUOTE_IDENT_NEED_STRING: (identifier) => `quoteIdent \u9700\u8981\u5B57\u7B26\u4E32\u7C7B\u578B\u6807\u8BC6\u7B26 (identifier: ${String(identifier)})`,
   IDENT_EMPTY: "SQL \u6807\u8BC6\u7B26\u4E0D\u80FD\u4E3A\u7A7A",
   FIELD_EXPR_NOT_ALLOWED: (field) => `\u5B57\u6BB5\u5305\u542B\u51FD\u6570/\u8868\u8FBE\u5F0F\uFF0C\u8BF7\u4F7F\u7528 selectRaw/whereRaw (field: ${field})`,
+  FIELD_INVALID: (field) => `\u5B57\u6BB5\u683C\u5F0F\u975E\u6CD5\uFF0C\u8BF7\u4F7F\u7528\u7B80\u5355\u5B57\u6BB5\u540D\u6216\u5B89\u5168\u5F15\u7528\uFF0C\u590D\u6742\u8868\u8FBE\u5F0F\u8BF7\u4F7F\u7528 selectRaw/whereRaw (field: ${field})`,
   FROM_EMPTY: "FROM \u8868\u540D\u4E0D\u80FD\u4E3A\u7A7A",
   FROM_NEED_NON_EMPTY: (table) => `FROM \u8868\u540D\u5FC5\u987B\u662F\u975E\u7A7A\u5B57\u7B26\u4E32 (table: ${String(table)})`,
   FROM_REQUIRED: "FROM \u8868\u540D\u662F\u5FC5\u9700\u7684",
@@ -13345,10 +13451,18 @@ class SqlBuilder {
     }
     if (field.toUpperCase().includes(" AS ")) {
       const parts = field.split(/\s+AS\s+/i);
-      const fieldPart = parts[0].trim();
-      const aliasPart = parts[1].trim();
-      SqlCheck.assertSafeAlias(aliasPart);
-      return `${this._escapeField(fieldPart)} AS ${aliasPart}`;
+      if (parts.length !== 2) {
+        throw new Error(SqlBuilderError.FIELD_INVALID(field));
+      }
+      const fieldPart = parts[0];
+      const aliasPart = parts[1];
+      if (typeof fieldPart !== "string" || typeof aliasPart !== "string") {
+        throw new Error(SqlBuilderError.FIELD_INVALID(field));
+      }
+      const cleanFieldPart = fieldPart.trim();
+      const cleanAliasPart = aliasPart.trim();
+      SqlCheck.assertSafeAlias(cleanAliasPart);
+      return `${this._escapeField(cleanFieldPart)} AS ${cleanAliasPart}`;
     }
     if (field.includes(".")) {
       const parts = field.split(".");
@@ -13382,16 +13496,26 @@ class SqlBuilder {
     if (parts.length > 2) {
       throw new Error(SqlBuilderError.TABLE_REF_TOO_MANY_PARTS(table));
     }
-    const namePart = parts[0].trim();
-    const aliasPart = parts.length === 2 ? parts[1].trim() : null;
+    const namePartRaw = parts[0];
+    if (typeof namePartRaw !== "string" || namePartRaw.trim() === "") {
+      throw new Error(SqlBuilderError.FROM_EMPTY);
+    }
+    const namePart = namePartRaw.trim();
+    const aliasPartRaw = parts.length === 2 ? parts[1] : null;
+    const aliasPart = typeof aliasPartRaw === "string" ? aliasPartRaw.trim() : null;
     const nameSegments = namePart.split(".");
     if (nameSegments.length > 2) {
       throw new Error(SqlBuilderError.TABLE_REF_SCHEMA_TOO_DEEP(table));
     }
     let escapedName = "";
     if (nameSegments.length === 2) {
-      const schema = nameSegments[0].trim();
-      const tableName = nameSegments[1].trim();
+      const schemaRaw = nameSegments[0];
+      const tableNameRaw = nameSegments[1];
+      if (typeof schemaRaw !== "string" || typeof tableNameRaw !== "string") {
+        throw new Error(SqlBuilderError.TABLE_REF_SCHEMA_TOO_DEEP(table));
+      }
+      const schema = schemaRaw.trim();
+      const tableName = tableNameRaw.trim();
       const escapedSchema = this._isQuotedIdent(schema) ? schema : (() => {
         if (this._startsWithQuote(schema) && !this._isQuotedIdent(schema)) {
           throw new Error(SqlBuilderError.SCHEMA_QUOTE_NOT_PAIRED(schema));
@@ -13408,7 +13532,11 @@ class SqlBuilder {
       })();
       escapedName = `${escapedSchema}.${escapedTableName}`;
     } else {
-      const tableName = nameSegments[0].trim();
+      const tableNameRaw = nameSegments[0];
+      if (typeof tableNameRaw !== "string") {
+        throw new Error(SqlBuilderError.FROM_EMPTY);
+      }
+      const tableName = tableNameRaw.trim();
       if (this._isQuotedIdent(tableName)) {
         escapedName = tableName;
       } else {
@@ -13666,7 +13794,15 @@ class SqlBuilder {
       if (typeof item !== "string" || !item.includes("#")) {
         throw new Error(SqlBuilderError.ORDER_BY_ITEM_NEED_HASH(item));
       }
-      const [fieldName, direction] = item.split("#");
+      const parts = item.split("#");
+      if (parts.length !== 2) {
+        throw new Error(SqlBuilderError.ORDER_BY_ITEM_NEED_HASH(item));
+      }
+      const fieldName = parts[0];
+      const direction = parts[1];
+      if (typeof fieldName !== "string" || typeof direction !== "string") {
+        throw new Error(SqlBuilderError.ORDER_BY_ITEM_NEED_HASH(item));
+      }
       const cleanField = fieldName.trim();
       const cleanDir = direction.trim().toUpperCase();
       if (!cleanField) {
@@ -13763,7 +13899,9 @@ class SqlBuilder {
       for (let i = 0;i < data.length; i++) {
         const row = data[i];
         for (const field of fields) {
-          params.push(row[field]);
+          const value = row[field];
+          this._validateParam(value);
+          params.push(value);
         }
       }
       return { sql, params };
@@ -13778,7 +13916,12 @@ class SqlBuilder {
       const escapedFields = fields.map((field) => this._escapeField(field));
       const placeholders = fields.map(() => "?").join(", ");
       const sql = `INSERT INTO ${escapedTable} (${escapedFields.join(", ")}) VALUES (${placeholders})`;
-      const params = fields.map((field) => data[field]);
+      const params = [];
+      for (const field of fields) {
+        const value = data[field];
+        this._validateParam(value);
+        params.push(value);
+      }
       return { sql, params };
     }
   }
@@ -13880,7 +14023,9 @@ class SqlBuilder {
         }
         whenList.push("WHEN ? THEN ?");
         args.push(row.id);
-        args.push(row.data[field]);
+        const value = row.data[field];
+        SqlCheck.assertNoUndefinedParam(value, "SQL \u53C2\u6570\u503C");
+        args.push(value);
       }
       if (whenList.length === 0) {
         continue;
@@ -13912,7 +14057,7 @@ class DbHelper {
   constructor(options) {
     this.redis = options.redis;
     this.sql = options.sql || null;
-    this.isTransaction = !!options.sql;
+    this.isTransaction = Boolean(options.sql);
     this.dialect = options.dialect ? options.dialect : new MySqlDialect;
   }
   createSqlBuilder() {
@@ -14042,7 +14187,8 @@ class DbHelper {
   }
   async getCount(options) {
     const { table, where, joins, tableQualifier } = await this.prepareQueryOptions(options);
-    const builder = this.createSqlBuilder().selectRaw("COUNT(*) as count").from(table).where(DbUtils.addDefaultStateFilter(where, tableQualifier, !!joins));
+    const hasJoins = Array.isArray(joins) && joins.length > 0;
+    const builder = this.createSqlBuilder().selectRaw("COUNT(*) as count").from(table).where(DbUtils.addDefaultStateFilter(where, tableQualifier, hasJoins));
     this.applyJoins(builder, joins);
     const { sql, params } = builder.toSelectSql();
     const execRes = await this.executeWithConn(sql, params);
@@ -14054,7 +14200,8 @@ class DbHelper {
   }
   async getOne(options) {
     const { table, fields, where, joins, tableQualifier } = await this.prepareQueryOptions(options);
-    const builder = this.createSqlBuilder().select(fields).from(table).where(DbUtils.addDefaultStateFilter(where, tableQualifier, !!joins));
+    const hasJoins = Array.isArray(joins) && joins.length > 0;
+    const builder = this.createSqlBuilder().select(fields).from(table).where(DbUtils.addDefaultStateFilter(where, tableQualifier, hasJoins));
     this.applyJoins(builder, joins);
     const { sql, params } = builder.toSelectSql();
     const execRes = await this.executeWithConn(sql, params);
@@ -14074,12 +14221,16 @@ class DbHelper {
         sql: execRes.sql
       };
     }
-    const data = convertBigIntFields([deserialized])[0];
+    const convertedList = convertBigIntFields([deserialized]);
+    const data = convertedList[0] ?? deserialized;
     return {
       data,
       sql: execRes.sql
     };
   }
+  async getDetail(options) {
+    return await this.getOne(options);
+  }
   async getList(options) {
     const prepared = await this.prepareQueryOptions(options);
     if (prepared.page < 1 || prepared.page > 1e4) {
@@ -14088,7 +14239,7 @@ class DbHelper {
     if (prepared.limit < 1 || prepared.limit > 1000) {
       throw new Error(`\u6BCF\u9875\u6570\u91CF\u5FC5\u987B\u5728 1 \u5230 1000 \u4E4B\u95F4 (table: ${options.table}, page: ${prepared.page}, limit: ${prepared.limit})`);
     }
-    const whereFiltered = DbUtils.addDefaultStateFilter(prepared.where, prepared.tableQualifier, !!prepared.joins);
+    const whereFiltered = DbUtils.addDefaultStateFilter(prepared.where, prepared.tableQualifier, Array.isArray(prepared.joins) && prepared.joins.length > 0);
     const countBuilder = this.createSqlBuilder().selectRaw("COUNT(*) as total").from(prepared.table).where(whereFiltered);
     this.applyJoins(countBuilder, prepared.joins);
     const { sql: countSql, params: countParams } = countBuilder.toSelectSql();
@@ -14136,8 +14287,21 @@ class DbHelper {
   async getAll(options) {
     const MAX_LIMIT = 1e4;
     const WARNING_LIMIT = 1000;
-    const prepared = await this.prepareQueryOptions({ ...options, page: 1, limit: 10 });
-    const whereFiltered = DbUtils.addDefaultStateFilter(prepared.where, prepared.tableQualifier, !!prepared.joins);
+    const prepareOptions = {
+      table: options.table,
+      page: 1,
+      limit: 10
+    };
+    if (options.fields !== undefined)
+      prepareOptions.fields = options.fields;
+    if (options.where !== undefined)
+      prepareOptions.where = options.where;
+    if (options.joins !== undefined)
+      prepareOptions.joins = options.joins;
+    if (options.orderBy !== undefined)
+      prepareOptions.orderBy = options.orderBy;
+    const prepared = await this.prepareQueryOptions(prepareOptions);
+    const whereFiltered = DbUtils.addDefaultStateFilter(prepared.where, prepared.tableQualifier, Array.isArray(prepared.joins) && prepared.joins.length > 0);
     const countBuilder = this.createSqlBuilder().selectRaw("COUNT(*) as total").from(prepared.table).where(whereFiltered);
     this.applyJoins(countBuilder, prepared.joins);
     const { sql: countSql, params: countParams } = countBuilder.toSelectSql();
@@ -14197,7 +14361,7 @@ class DbHelper {
     const builder = this.createSqlBuilder();
     const { sql, params } = builder.toInsertSql(snakeTable, processed);
     const execRes = await this.executeWithConn(sql, params);
-    const insertedId = processed.id || execRes.data?.lastInsertRowid || 0;
+    const insertedId = processed["id"] || execRes.data?.lastInsertRowid || 0;
     return {
       data: insertedId,
       sql: execRes.sql
@@ -14222,7 +14386,11 @@ class DbHelper {
     }
     const now = Date.now();
     const processedList = dataList.map((data, index) => {
-      return DbUtils.buildInsertRow({ data, id: ids[index], now });
+      const id = ids[index];
+      if (typeof id !== "number") {
+        throw new Error(`\u6279\u91CF\u63D2\u5165\u751F\u6210 ID \u5931\u8D25\uFF1Aids[${index}] \u4E0D\u662F number (table: ${snakeTable})`);
+      }
+      return DbUtils.buildInsertRow({ data, id, now });
     });
     const insertFields = SqlCheck.assertBatchInsertRowsConsistent(processedList, { table: snakeTable });
     const builder = this.createSqlBuilder();
@@ -14505,38 +14673,50 @@ class Jwt {
     };
   }
   sign(payload, options = {}) {
-    const key = options.secret || this.config.secret || "befly-secret";
+    const key = options.secret || this.config.secret;
     const algorithm = options.algorithm || this.config.algorithm || "HS256";
-    const signer = import_fast_jwt.createSigner({
+    const signerOptions = {
       key,
       algorithm,
-      expiresIn: options.expiresIn || this.config.expiresIn,
-      iss: options.issuer,
-      aud: options.audience,
-      sub: options.subject,
-      jti: options.jwtId,
-      notBefore: typeof options.notBefore === "number" ? options.notBefore : undefined
-    });
+      expiresIn: options.expiresIn ?? this.config.expiresIn
+    };
+    if (options.issuer !== undefined)
+      signerOptions.iss = options.issuer;
+    if (options.audience !== undefined)
+      signerOptions.aud = options.audience;
+    if (options.subject !== undefined)
+      signerOptions.sub = options.subject;
+    if (options.jwtId !== undefined)
+      signerOptions.jti = options.jwtId;
+    if (typeof options.notBefore === "number")
+      signerOptions.notBefore = options.notBefore;
+    const signer = import_fast_jwt.createSigner(signerOptions);
     return signer(payload);
   }
   verify(token, options = {}) {
     if (!token || typeof token !== "string") {
       throw new Error("Token\u5FC5\u987B\u662F\u975E\u7A7A\u5B57\u7B26\u4E32");
     }
-    const key = options.secret || this.config.secret || "befly-secret";
+    const key = options.secret || this.config.secret;
     const algorithm = this.config.algorithm || "HS256";
     const algorithms = options.algorithms ? options.algorithms : [algorithm];
-    const verifier = import_fast_jwt.createVerifier({
+    const verifierOptions = {
       key,
       algorithms,
-      allowedIss: options.issuer,
-      allowedAud: options.audience,
-      allowedSub: options.subject,
-      ignoreExpiration: options.ignoreExpiration,
-      ignoreNotBefore: options.ignoreNotBefore,
       cache: true,
       cacheTTL: 600000
-    });
+    };
+    if (options.issuer !== undefined)
+      verifierOptions.allowedIss = options.issuer;
+    if (options.audience !== undefined)
+      verifierOptions.allowedAud = options.audience;
+    if (options.subject !== undefined)
+      verifierOptions.allowedSub = options.subject;
+    if (typeof options.ignoreExpiration === "boolean")
+      verifierOptions.ignoreExpiration = options.ignoreExpiration;
+    if (typeof options.ignoreNotBefore === "boolean")
+      verifierOptions.ignoreNotBefore = options.ignoreNotBefore;
+    const verifier = import_fast_jwt.createVerifier(verifierOptions);
     return verifier(token);
   }
   decode(token, complete = false) {
@@ -15147,7 +15327,7 @@ async function scanFiles(dir, source, type, pattern) {
       const base = {
         source,
         type,
-        sourceName: { core: "\u6838\u5FC3", addon: "\u7EC4\u4EF6", app: "\u9879\u76EE" }[source],
+        sourceName: source === "core" ? "\u6838\u5FC3" : source === "addon" ? "\u7EC4\u4EF6" : "\u9879\u76EE",
         filePath: normalizedFile,
         relativePath,
         fileName,
@@ -15158,28 +15338,28 @@ async function scanFiles(dir, source, type, pattern) {
         customKeys: isPlainObject(content) ? Object.keys(content) : []
       };
       if (type === "table") {
-        base.content = content;
+        base["content"] = content;
         results.push(base);
         continue;
       }
       if (type === "api") {
-        base.auth = true;
-        base.rawBody = false;
-        base.method = "POST";
-        base.fields = {};
-        base.required = [];
+        base["auth"] = true;
+        base["rawBody"] = false;
+        base["method"] = "POST";
+        base["fields"] = {};
+        base["required"] = [];
       }
       if (type === "plugin" || type === "hook") {
-        base.deps = [];
-        base.name = "";
-        base.handler = null;
+        base["deps"] = [];
+        base["name"] = "";
+        base["handler"] = null;
       }
       forOwn(content, (value, key) => {
         base[key] = value;
       });
       if (type === "api") {
-        base.routePrefix = source === "app" ? "/app" : `/addon/${addonName}`;
-        base.routePath = `/api${base.routePrefix}/${relativePath}`;
+        base["routePrefix"] = source === "app" ? "/app" : `/addon/${addonName}`;
+        base["path"] = `/api${base["routePrefix"]}/${relativePath}`;
       }
       results.push(base);
     }
@@ -15235,11 +15415,11 @@ class Befly {
   async start(env = {}) {
     try {
       const serverStartTime = Bun.nanoseconds();
-      this.config = await loadBeflyConfig(env.NODE_ENV || "development");
+      this.config = await loadBeflyConfig(env["NODE_ENV"] || "development");
       this.context.config = this.config;
       this.context.env = env;
       const { apis, tables, plugins, hooks, addons } = await scanSources();
-      this.context.addons = addons;
+      this.context["addons"] = addons;
       await checkApi(apis);
       await checkTable(tables);
       await checkPlugin(plugins);
@@ -15262,15 +15442,23 @@ class Befly {
       await syncTable(this.context, tables);
       await syncApi(this.context, apis);
       await syncMenu(this.context, checkedMenus);
-      await syncDev(this.context, { devEmail: this.config.devEmail, devPassword: this.config.devPassword });
+      const devEmail = this.config.devEmail;
+      const devPassword = this.config.devPassword;
+      if (typeof devEmail === "string" && devEmail.length > 0 && typeof devPassword === "string" && devPassword.length > 0) {
+        await syncDev(this.context, { devEmail, devPassword });
+      } else {
+        Logger.debug("\u8DF3\u8FC7 syncDev\uFF1A\u672A\u914D\u7F6E devEmail/devPassword");
+      }
       await syncCache(this.context);
       this.hooks = await loadHooks(hooks);
       this.apis = await loadApis(apis);
       const apiFetch = apiHandler(this.apis, this.hooks, this.context);
       const staticFetch = staticHandler(this.config.cors);
+      const port = typeof this.config.appPort === "number" ? this.config.appPort : 3000;
+      const hostname = typeof this.config.appHost === "string" && this.config.appHost.length > 0 ? this.config.appHost : "0.0.0.0";
       const server = Bun.serve({
-        port: this.config.appPort,
-        hostname: this.config.appHost,
+        port,
+        hostname,
         development: this.config.nodeEnv === "development",
         idleTimeout: 30,
         fetch: async (req, bunServer) => {