befly 3.17.0 → 3.17.3

package/configs/beflyConfig.json

@@ -0,0 +1,61 @@
+{
+    "runMode": "development",
+    "appName": "野蜂飞舞",
+    "appPort": 3000,
+    "appHost": "127.0.0.1",
+    "devEmail": "dev@qq.com",
+    "devPassword": "111111",
+    "bodyLimit": 1048576,
+    "tz": "Asia/Shanghai",
+
+    "logger": {
+        "debug": 1,
+        "excludeFields": ["password", "token", "secret"],
+        "dir": "./logs",
+        "console": 1,
+        "maxSize": 20,
+        "maxStringLen": 100,
+        "maxArrayItems": 100
+    },
+
+    "mysql": {
+        "idMode": "timeId",
+        "hostname": "127.0.0.1",
+        "port": 3306,
+        "username": "root",
+        "password": "root",
+        "database": "befly_dev",
+        "max": 10
+    },
+
+    "redis": {
+        "hostname": "127.0.0.1",
+        "port": 6379,
+        "username": "",
+        "password": "",
+        "db": 0,
+        "prefix": "befly_demo"
+    },
+
+    "session": {
+        "expireDays": 7
+    },
+
+    "cors": {
+        "origin": "*",
+        "methods": "GET,HEAD,PUT,PATCH,POST,DELETE",
+        "allowedHeaders": "Content-Type,Authorization",
+        "exposedHeaders": "",
+        "maxAge": 86400,
+        "credentials": "true"
+    },
+
+    "rateLimit": {
+        "enable": 1,
+        "defaultLimit": 1000,
+        "defaultWindow": 60,
+        "key": "ip",
+        "skipRoutes": [],
+        "rules": []
+    }
+}

package/configs/beflyMenus.json

@@ -0,0 +1,85 @@
+[
+    {
+        "name": "首页",
+        "path": "/",
+        "sort": 1
+    },
+    {
+        "name": "人员管理",
+        "path": "/people",
+        "sort": 2,
+        "children": [
+            {
+                "name": "管理员",
+                "path": "/admin",
+                "sort": 1
+            }
+        ]
+    },
+    {
+        "name": "权限设置",
+        "path": "/permission",
+        "sort": 3,
+        "children": [
+            {
+                "name": "角色管理",
+                "path": "/role",
+                "sort": 1
+            },
+            {
+                "name": "菜单列表",
+                "path": "/menu",
+                "sort": 2
+            },
+            {
+                "name": "接口列表",
+                "path": "/api",
+                "sort": 3
+            }
+        ]
+    },
+    {
+        "name": "配置管理",
+        "path": "/config",
+        "sort": 4,
+        "children": [
+            {
+                "name": "字典类型",
+                "path": "/dictType",
+                "sort": 1
+            },
+            {
+                "name": "字典列表",
+                "path": "/dict",
+                "sort": 2
+            },
+            {
+                "name": "系统配置",
+                "path": "/system",
+                "sort": 3
+            }
+        ]
+    },
+    {
+        "name": "日志管理",
+        "path": "/log",
+        "sort": 5,
+        "children": [
+            {
+                "name": "登录日志",
+                "path": "/login",
+                "sort": 1
+            },
+            {
+                "name": "邮件日志",
+                "path": "/email",
+                "sort": 2
+            },
+            {
+                "name": "操作日志",
+                "path": "/operate",
+                "sort": 3
+            }
+        ]
+    }
+]

package/configs/constConfig.js

@@ -0,0 +1,34 @@
+// ==========================
+// 数据库类型分类
+// ==========================
+
+// 字符串类数据库类型
+export const STRING_KIND_TYPES = ["char", "varchar", "enum", "tinytext", "text", "mediumtext", "longtext"];
+
+// 文本类数据库类型
+export const TEXT_KIND_TYPES = ["tinytext", "text", "mediumtext", "longtext"];
+
+// 整数类数据库类型
+export const INT_KIND_TYPES = ["tinyint", "smallint", "mediumint", "int", "bigint"];
+
+// 小数类数据库类型
+export const DECIMAL_KIND_TYPES = ["decimal"];
+
+// 浮点类数据库类型
+export const FLOAT_KIND_TYPES = ["float", "double"];
+
+// JSON 类数据库类型
+export const JSON_KIND_TYPES = ["json"];
+
+// 枚举类数据库类型
+export const ENUM_KIND_TYPES = ["enum"];
+
+// ==========================
+// 运行配置可选值
+// ==========================
+
+// 运行模式可选值
+export const RUN_MODE_VALUES = ["development", "production"];
+
+// 数据库 ID 生成模式可选值
+export const DB_ID_MODE_VALUES = ["timeId", "autoId"];

package/configs/regexpAlias.json

@@ -0,0 +1,55 @@
+{
+    "number": "^\\d+$",
+    "integer": "^-?\\d+$",
+    "float": "^-?\\d+(\\.\\d+)?$",
+    "positive": "^[1-9]\\d*$",
+    "negative": "^-\\d+$",
+    "zero": "^0$",
+    "word": "^[a-zA-Z]+$",
+    "alphanumeric": "^[a-zA-Z0-9]+$",
+    "alphanumeric_": "^[a-zA-Z0-9_]+$",
+    "alphanumericDash_": "^[a-zA-Z0-9_-]+$",
+    "lowercase": "^[a-z]+$",
+    "uppercase": "^[A-Z]+$",
+    "chinese": "^[\\u4e00-\\u9fa5]+$",
+    "chineseWord": "^[\\u4e00-\\u9fa5a-zA-Z]+$",
+    "email": "^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$",
+    "phone": "^1[3-9]\\d{9}$",
+    "telephone": "^0\\d{2,3}-?\\d{7,8}$",
+    "url": "^https?://",
+    "ip": "^((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)$",
+    "ipv6": "^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$",
+    "domain": "^(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\\.)+[a-zA-Z]{2,}$",
+    "uuid": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
+    "hex": "^[0-9a-fA-F]+$",
+    "base64": "^[A-Za-z0-9+/=]+$",
+    "md5": "^[a-f0-9]{32}$",
+    "sha1": "^[a-f0-9]{40}$",
+    "sha256": "^[a-f0-9]{64}$",
+    "date": "^\\d{4}-\\d{2}-\\d{2}$",
+    "time": "^\\d{2}:\\d{2}:\\d{2}$",
+    "datetime": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}",
+    "year": "^\\d{4}$",
+    "month": "^(0[1-9]|1[0-2])$",
+    "day": "^(0[1-9]|[12]\\d|3[01])$",
+    "variable": "^[a-zA-Z_][a-zA-Z0-9_]*$",
+    "constant": "^[A-Z][A-Z0-9_]*$",
+    "package": "^[a-z][a-z0-9-]*$",
+    "idCard": "^\\d{17}[\\dXx]$",
+    "passport": "^[a-zA-Z0-9]{5,17}$",
+    "bankCard": "^\\d{16,19}$",
+    "wechat": "^[a-zA-Z][a-zA-Z0-9_-]{5,19}$",
+    "qq": "^[1-9]\\d{4,10}$",
+    "alipay": "^(1[3-9]\\d{9}|[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,})$",
+    "username": "^[a-zA-Z][a-zA-Z0-9_]{3,19}$",
+    "nickname": "^[\\u4e00-\\u9fa5a-zA-Z0-9]{2,20}$",
+    "passwordWeak": "^.{6,}$",
+    "passwordMedium": "^(?=.*[a-zA-Z])(?=.*\\d).{8,}$",
+    "passwordStrong": "^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[!@#$%^&*]).{8,}$",
+    "licensePlate": "^[京津沪渝冀豫云辽黑湘皖鲁新苏浙赣鄂桂甘晋蒙陕吉闽贵粤青藏川宁琼使领][A-Z][A-HJ-NP-Z0-9]{4,5}[A-HJ-NP-Z0-9挂学警港澳]$",
+    "postalCode": "^\\d{6}$",
+    "semver": "^\\d+\\.\\d+\\.\\d+(-[a-zA-Z0-9.]+)?(\\+[a-zA-Z0-9.]+)?$",
+    "colorHex": "^#([0-9a-fA-F]{3}|[0-9a-fA-F]{6})$",
+    "empty": "^$",
+    "notempty": ".+"
+}

package/hooks/auth.js

@@ -0,0 +1,34 @@
+import { toSessionTtlSeconds } from "../utils/toSessionTtlSeconds.js";
+
+export default {
+    deps: ["cors"],
+    handler: async (befly, ctx) => {
+        const authHeader = ctx.req.headers.get("authorization");
+        const ttlSeconds = toSessionTtlSeconds(befly.config?.session?.expireDays);
+
+        if (authHeader && authHeader.startsWith("Bearer ")) {
+            const sid = authHeader.substring(7).trim();
+
+            if (!sid) {
+                return;
+            }
+
+            const sessionKey = `session:${sid}`;
+            const sessionData = await befly.redis.getObject(sessionKey);
+
+            if (!sessionData?.id) {
+                return;
+            }
+
+            try {
+                await befly.redis.expire(sessionKey, ttlSeconds);
+                ctx.userId = sessionData.id;
+                ctx.nickname = sessionData.nickname;
+                ctx.roleCode = sessionData.roleCode;
+                ctx.roleType = sessionData.roleType;
+            } catch {
+                return;
+            }
+        }
+    }
+};

package/hooks/cors.js

@@ -0,0 +1,39 @@
+// 相对导入
+import { setCorsOptions } from "../utils/cors.js";
+
+/**
+ * CORS 跨域处理钩子
+ * 设置跨域响应头并处理 OPTIONS 预检请求
+ */
+export default {
+    deps: [],
+    handler: async (befly, ctx) => {
+        const req = ctx.req;
+
+        // 合并默认配置和用户配置
+        const defaultConfig = {
+            origin: "*",
+            methods: "GET, POST, OPTIONS",
+            allowedHeaders: "Content-Type, Authorization, authorization, token",
+            exposedHeaders: "Content-Range, X-Content-Range, Authorization, authorization, token",
+            maxAge: 86400,
+            credentials: "true"
+        };
+
+        const corsConfig = Object.assign({}, defaultConfig, befly.config && befly.config.cors ? befly.config.cors : {});
+
+        // 设置 CORS 响应头
+        const headers = setCorsOptions(req, corsConfig);
+
+        ctx.corsHeaders = headers;
+
+        // 处理 OPTIONS 预检请求
+        if (req.method === "OPTIONS") {
+            ctx.response = new Response(null, {
+                status: 204,
+                headers: headers
+            });
+            return;
+        }
+    }
+};

package/hooks/parser.js

@@ -0,0 +1,90 @@
+// 外部依赖
+import { XMLParser } from "fast-xml-parser";
+
+import { ErrorResponse } from "../utils/response.js";
+
+const xmlParser = new XMLParser();
+
+/**
+ * 请求参数解析钩子
+ * - GET 请求：解析 URL 查询参数
+ * - POST 请求：解析 JSON 或 XML 请求体
+ * - 仅负责解析与合并参数；字段过滤/映射/校验由 validator hook 处理
+ * - body: "raw" 时跳过解析，由 handler 自行处理原始请求
+ */
+export default {
+    deps: ["auth"],
+    handler: async (befly, ctx) => {
+        if (!ctx.apiPath) {
+            return;
+        }
+
+        // body=raw 模式：跳过解析，保留原始请求供 handler 自行处理
+        // 适用于：微信回调、支付回调、webhook 等需要手动解密/验签的场景
+        if (ctx.body === "raw") {
+            ctx.body = {};
+            return;
+        }
+
+        // GET 请求：解析查询参数
+        if (ctx.req.method === "GET") {
+            const url = new URL(ctx.req.url);
+            const params = Object.fromEntries(url.searchParams);
+            ctx.body = params;
+        } else if (ctx.req.method === "POST") {
+            // POST 请求：解析请求体
+            const contentType = ctx.req.headers.get("content-type") || "";
+            // 获取 URL 查询参数（POST 请求也可能带参数）
+            const url = new URL(ctx.req.url);
+            const queryParams = Object.fromEntries(url.searchParams);
+
+            try {
+                // JSON 格式
+                if (contentType.includes("application/json")) {
+                    const body = await ctx.req.json();
+                    // 合并 URL 参数和请求体（请求体优先）
+                    const merged = Object.assign({}, queryParams, body);
+                    ctx.body = merged;
+                } else if (contentType.includes("application/xml") || contentType.includes("text/xml")) {
+                    // XML 格式
+                    const text = await ctx.req.text();
+                    const parsed = xmlParser.parse(text);
+                    // 提取根节点内容（如 xml），使 body 扁平化
+                    const rootKey = Object.keys(parsed)[0];
+                    const body = rootKey && typeof parsed[rootKey] === "object" ? parsed[rootKey] : parsed;
+                    // 合并 URL 参数和请求体（请求体优先）
+                    const merged = Object.assign({}, queryParams, body);
+                    ctx.body = merged;
+                } else {
+                    // 不支持的 Content-Type
+                    ctx.response = ErrorResponse(
+                        ctx,
+                        "无效的请求参数格式",
+                        1,
+                        null,
+                        {
+                            location: "content-type",
+                            value: contentType
+                        },
+                        "parser"
+                    );
+                    return;
+                }
+            } catch {
+                // 解析失败：属于客户端输入错误，返回安全 detail（不回传异常栈/原始 body）
+                ctx.response = ErrorResponse(
+                    ctx,
+                    "无效的请求参数格式",
+                    1,
+                    null,
+                    {
+                        location: "body",
+                        reason: contentType.includes("application/json") ? "invalid_json" : contentType.includes("xml") ? "invalid_xml" : "invalid_body"
+                    },
+                    "parser"
+                );
+                return;
+            }
+        }
+    }
+};

package/hooks/permission.js

@@ -0,0 +1,71 @@
+import { CacheKeys } from "../lib/cacheKeys.js";
+import { Logger } from "../lib/logger.js";
+// 相对导入
+import { ErrorResponse } from "../utils/response.js";
+import { isNonEmptyString, isString, isValidPositiveInt } from "../utils/is.js";
+
+/**
+ * 权限检查钩子
+ * - 接口无需权限（auth=false）：直接通过
+ * - auth 为 ctx.roleType 白名单（string[]）：登录后按 ctx.roleType 放行
+ * - 用户未登录：返回 401
+ * - 开发者角色（dev）：最高权限，直接通过
+ * - 其他角色：检查 Redis 中的角色权限集合
+ */
+export default {
+    deps: ["validator"],
+    handler: async (befly, ctx) => {
+        // 1. 接口无需权限
+        if (ctx.auth === false) {
+            return;
+        }
+
+        // 2. 用户未登录
+        if (!isValidPositiveInt(ctx.userId)) {
+            ctx.response = ErrorResponse(ctx, "未登录", 1, null, null, "auth");
+            return;
+        }
+
+        // 3. 开发者权限（最高权限）
+        if (ctx.roleCode === "dev") {
+            return;
+        }
+
+        // 3.5 auth 为角色类型白名单时，仅做 ctx.roleType 校验
+        if (Array.isArray(ctx.auth) && ctx.auth.includes(ctx.roleType) === false) {
+            ctx.response = ErrorResponse(
+                ctx,
+                `无权访问 ${ctx.apiName} 接口`,
+                1,
+                null,
+                {
+                    apiName: ctx.apiName,
+                    apiPath: ctx.apiPath
+                },
+                "permission"
+            );
+            return;
+        }
+
+        // 4. 角色权限检查
+        // apiPath 在 apiHandler 中已统一生成并写入 ctx.apiPath
+
+        // 极简方案：每个角色一个 Set，直接判断成员是否存在
+        const hasPermission = await befly.redis.sismember(CacheKeys.roleApis(ctx.roleCode), ctx.apiPath);
+
+        if (!hasPermission) {
+            ctx.response = ErrorResponse(
+                ctx,
+                `无权访问 ${ctx.apiName} 接口`,
+                1,
+                null,
+                {
+                    apiName: ctx.apiName,
+                    apiPath: ctx.apiPath
+                },
+                "permission"
+            );
+            return;
+        }
+    }
+};

package/hooks/validator.js

@@ -0,0 +1,43 @@
+// 相对导入
+import { Validator } from "../lib/validator.js";
+import { ErrorResponse } from "../utils/response.js";
+import { isPlainObject } from "../utils/is.js";
+import { snakeCase } from "../utils/util.js";
+
+/**
+ * 参数验证钩子
+ * 根据 API 定义的 fields 和 required 验证请求参数
+ */
+export default {
+    deps: ["parser"],
+    handler: async (befly, ctx) => {
+        // 仅保留 fields 中声明的字段，并支持 snake_case 入参回退（例如 agent_id -> agentId）
+        const rawBody = isPlainObject(ctx.body) ? ctx.body : {};
+        const nextBody = {};
+
+        for (const [field] of Object.entries(ctx.fields)) {
+            let value = rawBody[field];
+
+            if (value === undefined) {
+                const snakeField = snakeCase(field);
+                if (rawBody[snakeField] !== undefined) {
+                    value = rawBody[snakeField];
+                }
+            }
+
+            if (value !== undefined) {
+                nextBody[field] = value;
+            }
+        }
+
+        ctx.body = nextBody;
+
+        // 验证参数
+        const result = Validator.validate(ctx.body, ctx.fields, ctx.required || []);
+
+        if (result.code !== 0) {
+            ctx.response = ErrorResponse(ctx, result.firstError || "参数验证失败", 1, null, result.fieldErrors, "validator");
+            return;
+        }
+    }
+};