npm - befly - Versions diffs - 3.16.8 → 3.16.10 - Mend

befly 3.16.8 → 3.16.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/dist/befly.js +101 -12
package/dist/befly.min.js +17 -17
package/dist/checks/checkApi.js +18 -3
package/dist/hooks/permission.d.ts +1 -0
package/dist/hooks/permission.js +14 -0
package/dist/lib/dbHelper.js +39 -8
package/dist/sync/syncApi.js +26 -3
package/dist/types/api.d.ts +8 -6
package/dist/types/sync.d.ts +2 -2
package/dist/utils/scanFiles.js +2 -2
package/dist/utils/util.d.ts +6 -0
package/dist/utils/util.js +21 -0
package/package.json +2 -2

package/dist/befly.js CHANGED Viewed

@@ -101,6 +101,22 @@ function isFiniteNumber(value) {
 function isIntegerNumber(value) {
   return typeof value === "number" && Number.isFinite(value) && Number.isInteger(value);
 }
+function canConvertToNumber(value) {
+  const maxSafe = BigInt(Number.MAX_SAFE_INTEGER);
+  const minSafe = BigInt(Number.MIN_SAFE_INTEGER);
+  if (value > maxSafe || value < minSafe) {
+    return null;
+  }
+  const asNumber = Number(value);
+  if (!Number.isSafeInteger(asNumber)) {
+    return null;
+  }
+  const text = String(asNumber);
+  if (text.includes("e") || text.includes("E")) {
+    return null;
+  }
+  return asNumber;
+}
 function formatValuePreview(value) {
   if (value === null) {
     return "null";
@@ -7887,9 +7903,19 @@ async function checkApi(apis) {
         hasError = true;
       }
       const auth = record["auth"];
-      if (auth !== undefined && typeof auth !== "boolean") {
-        Logger.warn(Object.assign({}, omit(record, ["handler"]), { msg: "\u63A5\u53E3\u7684 auth \u5C5E\u6027\u5FC5\u987B\u662F\u5E03\u5C14\u503C (true=\u9700\u767B\u5F55, false=\u516C\u5F00)" }));
-        hasError = true;
+      if (auth !== undefined) {
+        if (typeof auth === "boolean") {} else if (Array.isArray(auth)) {
+          if (auth.length === 0) {
+            Logger.warn(Object.assign({}, omit(record, ["handler"]), { msg: "\u63A5\u53E3\u7684 auth \u6570\u7EC4\u4E0D\u80FD\u4E3A\u7A7A" }));
+            hasError = true;
+          } else if (auth.some((item) => typeof item !== "string" || item.trim() === "")) {
+            Logger.warn(Object.assign({}, omit(record, ["handler"]), { msg: "\u63A5\u53E3\u7684 auth \u6570\u7EC4\u5FC5\u987B\u4E3A\u975E\u7A7A\u5B57\u7B26\u4E32\u6570\u7EC4\uFF08roleType \u5217\u8868\uFF09" }));
+            hasError = true;
+          }
+        } else {
+          Logger.warn(Object.assign({}, omit(record, ["handler"]), { msg: "\u63A5\u53E3\u7684 auth \u5C5E\u6027\u5FC5\u987B\u662F boolean \u6216 string[]" }));
+          hasError = true;
+        }
       }
       const fields = record["fields"];
       if (fields !== undefined && fields !== null && !isPlainObject(fields)) {
@@ -9713,6 +9739,25 @@ var getApiParentPath = (apiPath) => {
     return "";
   return `/${parentSegments.join("/")}`;
 };
+var normalizeAuthForDb = (value) => {
+  if (value === false || value === 0 || value === "0" || value === "\u5426") {
+    return "\u5426";
+  }
+  if (Array.isArray(value)) {
+    const list = value.filter((item) => typeof item === "string").map((item) => item.trim()).filter((item) => item !== "");
+    if (list.length > 0) {
+      return list.join(",");
+    }
+    return "\u662F";
+  }
+  if (typeof value === "string") {
+    const trimmed = value.trim();
+    if (trimmed !== "") {
+      return trimmed;
+    }
+  }
+  return "\u662F";
+};
 async function syncApi(ctx, apis) {
   const tableName = "addon_admin_api";
   if (!ctx.db) {
@@ -9752,12 +9797,13 @@ async function syncApi(ctx, apis) {
     }
     const addonName = typeof addonNameRaw === "string" ? addonNameRaw : "";
     const authRaw = record["auth"];
-    const auth = authRaw === false || authRaw === 0 ? 0 : 1;
+    const auth = normalizeAuthForDb(authRaw);
     const parentPath = getApiParentPath(path);
     apiRouteKeys.add(path);
     const item = allDbApiMap[path];
     if (item) {
-      const shouldUpdate = name !== item.name || path !== item.path || addonName !== item.addonName || parentPath !== item.parentPath || auth !== item.auth;
+      const existingAuth = normalizeAuthForDb(item.auth);
+      const shouldUpdate = name !== item.name || path !== item.path || addonName !== item.addonName || parentPath !== item.parentPath || auth !== existingAuth;
       if (shouldUpdate) {
         updData.push({
           id: item.id,
@@ -13112,6 +13158,7 @@ var permissionHook = {
     if (ctx.api.auth === false) {
       return;
     }
+    const authRule = ctx.api.auth;
     if (typeof ctx.user.id !== "number") {
       ctx.response = ErrorResponse(ctx, "\u672A\u767B\u5F55", 1, null, null, "auth");
       return;
@@ -13119,6 +13166,17 @@ var permissionHook = {
     if (ctx.user.roleCode === "dev") {
       return;
     }
+    if (Array.isArray(authRule)) {
+      const roleType = ctx.user.roleType;
+      if (typeof roleType !== "string" || !authRule.includes(roleType)) {
+        const apiNameLabel = typeof ctx.api.name === "string" && ctx.api.name.length > 0 ? ctx.api.name : null;
+        const apiPathLabel = typeof ctx.route === "string" && ctx.route.length > 0 ? ctx.route : null;
+        const apiLabel = apiNameLabel ? apiNameLabel : apiPathLabel ? apiPathLabel : "\u672A\u77E5\u63A5\u53E3";
+        ctx.response = ErrorResponse(ctx, `\u65E0\u6743\u8BBF\u95EE ${apiLabel} \u63A5\u53E3`, 1, null, { apiLabel }, "permission");
+        return;
+      }
+      return;
+    }
     const apiPath = ctx.route;
     const roleCode = ctx.user.roleCode;
     let hasPermission = false;
@@ -15426,6 +15484,21 @@ class DbSqlError extends Error {
   }
 }
+class TransAbortError extends Error {
+  payload;
+  constructor(payload) {
+    super("TRANSACTION_ABORT");
+    this.payload = payload;
+  }
+}
+function isBeflyResponse(value) {
+  if (!isPlainObject(value)) {
+    return false;
+  }
+  const record = value;
+  return typeof record["code"] === "number" && typeof record["msg"] === "string";
+}
 class DbHelper {
   redis;
   dbName;
@@ -15480,8 +15553,9 @@ class DbHelper {
               }
             }
             if (bigintValue !== null) {
-              if (bigintValue <= MAX_SAFE_INTEGER_BIGINT && bigintValue >= MIN_SAFE_INTEGER_BIGINT) {
-                nextValue = Number(bigintValue);
+              const convertedNumber = canConvertToNumber(bigintValue);
+              if (convertedNumber !== null) {
+                nextValue = convertedNumber;
               }
             }
           }
@@ -16052,7 +16126,11 @@ class DbHelper {
   }
   async trans(callback) {
     if (this.isTransaction) {
-      return await callback(this);
+      const innerResult = await callback(this);
+      if (isBeflyResponse(innerResult) && innerResult.code !== 0) {
+        throw new TransAbortError(innerResult);
+      }
+      return innerResult;
     }
     const sql = this.sql;
     if (!sql) {
@@ -16061,10 +16139,21 @@ class DbHelper {
     if (!hasBegin(sql)) {
       throw new Error("\u5F53\u524D SQL \u5BA2\u6237\u7AEF\u4E0D\u652F\u6301\u4E8B\u52A1 begin() \u65B9\u6CD5");
     }
-    return await sql.begin(async (tx) => {
-      const trans = new DbHelper({ redis: this.redis, dbName: this.dbName, sql: tx, idMode: this.idMode });
-      return await callback(trans);
-    });
+    try {
+      return await sql.begin(async (tx) => {
+        const trans = new DbHelper({ redis: this.redis, dbName: this.dbName, sql: tx, idMode: this.idMode });
+        const result = await callback(trans);
+        if (isBeflyResponse(result) && result.code !== 0) {
+          throw new TransAbortError(result);
+        }
+        return result;
+      });
+    } catch (error) {
+      if (error instanceof TransAbortError) {
+        return error.payload;
+      }
+      throw error;
+    }
   }
   async query(sql, params) {
     return await this.executeWithConn(sql, params);