befly 3.35.0 → 3.37.0

package/router/api.js

@@ -9,7 +9,7 @@ import { Logger } from "../lib/logger.js";
 // 相对导入
 import { setCorsOptions } from "../utils/cors.js";
 import { getClientIp } from "../utils/getClientIp.js";
-import { FinalResponse } from "../utils/response.js";
+import { ErrorResponse, FinalResponse } from "../utils/response.js";
 import { genShortId } from "../utils/util.js";
 
 function createExcludeApisLogMatchers(excludeApisLog) {
@@ -41,7 +41,7 @@ export function apiHandler(apis, hooks, context) {
         const requestId = genShortId();
         const now = Date.now();
 
-        const corsHeaders = setCorsOptions(req, context.config?.cors || {});
+        const corsHeaders = setCorsOptions(req, context.config.cors);
         corsHeaders["X-Request-ID"] = requestId;
 
         // 2. OPTIONS 预检请求：直接返回，不走 hooks，不打日志
@@ -95,6 +95,21 @@ export function apiHandler(apis, hooks, context) {
             apiFile: apiData.filePath
         };
 
+        if (ctx.apiMethod !== "ALL" && ctx.method !== ctx.apiMethod) {
+            return ErrorResponse(
+                ctx,
+                `请求方法不允许，请使用 ${ctx.apiMethod}`,
+                1,
+                null,
+                {
+                    method: ctx.method,
+                    allowMethod: ctx.apiMethod,
+                    apiPath: ctx.apiPath
+                },
+                "method"
+            );
+        }
+
         try {
             // 4. 串联执行所有钩子
             for (const hook of hooks) {

package/router/static.js

@@ -4,24 +4,40 @@
  */
 
 // 外部依赖
-import { join } from "pathe";
+import { basename, extname, isAbsolute, normalize, relative, resolve } from "pathe";
 
 import { Logger } from "../lib/logger.js";
 // 相对导入
 import { getAppPublicDir } from "../paths.js";
 import { setCorsOptions } from "../utils/cors.js";
 
+function getStaticFilePath(url, baseDir) {
+    try {
+        const relativePath = normalize(decodeURIComponent(url.pathname.slice("/public/".length)));
+        const filePath = resolve(baseDir, relativePath);
+        const fileRelativePath = relative(baseDir, filePath);
+
+        if (fileRelativePath.startsWith("..") || isAbsolute(fileRelativePath)) {
+            return "";
+        }
+
+        return filePath;
+    } catch {
+        return "";
+    }
+}
+
 /**
  * 静态文件处理器工厂
  */
-export function staticHandler(corsConfig = undefined, publicDir = "./public") {
+export function staticHandler(corsConfig, uploadConfig) {
     return async (req) => {
         // 设置 CORS 响应头
         const corsHeaders = setCorsOptions(req, corsConfig);
 
         const url = new URL(req.url);
-        const publicPath = url.pathname.replace(/^\/public/, "") || "/";
-        const filePath = join(getAppPublicDir(publicDir), publicPath);
+        const baseDir = resolve(getAppPublicDir(uploadConfig.publicDir));
+        const filePath = getStaticFilePath(url, baseDir);
 
         try {
             // OPTIONS预检请求
@@ -32,6 +48,18 @@ export function staticHandler(corsConfig = undefined, publicDir = "./public") {
                 });
             }
 
+            if (!filePath) {
+                return Response.json(
+                    {
+                        code: 1,
+                        msg: "文件未找到"
+                    },
+                    {
+                        headers: corsHeaders
+                    }
+                );
+            }
+
             const file = Bun.file(filePath);
             if (await file.exists()) {
                 const headers = {};
@@ -41,6 +69,10 @@ export function staticHandler(corsConfig = undefined, publicDir = "./public") {
                     }
                 }
                 headers["Content-Type"] = file.type || "application/octet-stream";
+                headers["X-Content-Type-Options"] = "nosniff";
+                if (uploadConfig.forceDownloadExtensions.split(",").includes(extname(filePath).toLowerCase())) {
+                    headers["Content-Disposition"] = `attachment; filename="${basename(filePath).replaceAll('"', "")}"`;
+                }
                 return new Response(file, {
                     headers: headers
                 });

package/sql/befly.sql

@@ -227,35 +227,3 @@ CREATE TABLE IF NOT EXISTS `befly_error_report` (
     KEY `idx_befly_error_report_time` (`report_time`),
     KEY `idx_befly_error_report_bucket_date` (`bucket_date`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
-
-CREATE TABLE IF NOT EXISTS `befly_info_report` (
-    `id` BIGINT NOT NULL,
-    `report_time` BIGINT NOT NULL DEFAULT 0,
-    `report_date` INT NOT NULL DEFAULT 0,
-    `member_key` VARCHAR(100) NOT NULL DEFAULT '',
-    `source` VARCHAR(50) NOT NULL DEFAULT '',
-    `product_name` VARCHAR(100) NOT NULL DEFAULT '',
-    `product_code` VARCHAR(100) NOT NULL DEFAULT '',
-    `product_version` VARCHAR(100) NOT NULL DEFAULT '',
-    `page_path` VARCHAR(200) NOT NULL DEFAULT '',
-    `page_name` VARCHAR(100) NOT NULL DEFAULT '',
-    `detail` TEXT NULL,
-    `user_agent` VARCHAR(500) NOT NULL DEFAULT '',
-    `browser_name` VARCHAR(100) NOT NULL DEFAULT '',
-    `browser_version` VARCHAR(100) NOT NULL DEFAULT '',
-    `os_name` VARCHAR(100) NOT NULL DEFAULT '',
-    `os_version` VARCHAR(100) NOT NULL DEFAULT '',
-    `device_type` VARCHAR(50) NOT NULL DEFAULT '',
-    `device_vendor` VARCHAR(100) NOT NULL DEFAULT '',
-    `device_model` VARCHAR(100) NOT NULL DEFAULT '',
-    `engine_name` VARCHAR(100) NOT NULL DEFAULT '',
-    `cpu_architecture` VARCHAR(100) NOT NULL DEFAULT '',
-    `state` TINYINT NOT NULL DEFAULT 1,
-    `created_at` BIGINT NOT NULL DEFAULT 0,
-    `updated_at` BIGINT NOT NULL DEFAULT 0,
-    `deleted_at` BIGINT NULL DEFAULT NULL,
-    PRIMARY KEY (`id`),
-    UNIQUE KEY `uk_befly_info_report_date_member` (`report_date`, `member_key`),
-    KEY `idx_befly_info_report_time` (`report_time`),
-    KEY `idx_befly_info_report_date` (`report_date`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;

package/tables/errorReport.json

@@ -67,7 +67,8 @@
     },
     "detail": {
         "name": "错误详情",
-        "input": "string"
+        "input": "string",
+        "max": 5000
     },
     "userAgent": {
         "name": "用户代理",

package/utils/cors.js

@@ -1,21 +1,12 @@
 /**
  * 设置 CORS 响应头
  * @param req - 请求对象
- * @param config - CORS 配置（可选）
+ * @param config - CORS 配置
  * @returns CORS 响应头对象
  */
-export function setCorsOptions(req, config = {}) {
-    const defaultConfig = {
-        origin: "*",
-        methods: "GET, POST, OPTIONS",
-        allowedHeaders: "Content-Type, Authorization, authorization, token",
-        exposedHeaders: "Content-Range, X-Content-Range, Authorization, authorization, token",
-        maxAge: 86400,
-        credentials: "true"
-    };
-
-    const merged = Object.assign({}, defaultConfig, config || {});
-    const origin = merged.origin;
+export function setCorsOptions(req, config) {
+    const origin = config.origin;
+    const allowCredentials = config.credentials === true || config.credentials === "true" ? "true" : "false";
     const requestedHeaders = req.headers.get("Access-Control-Request-Headers") || "";
 
     const allowedHeaderItems = [];
@@ -40,7 +31,7 @@ export function setCorsOptions(req, config = {}) {
         allowedHeaderItems.push(value);
     };
 
-    for (const item of String(merged.allowedHeaders || "").split(",")) {
+    for (const item of String(config.allowedHeaders || "").split(",")) {
         pushHeaderIfNeeded(item);
     }
 
@@ -51,11 +42,11 @@ export function setCorsOptions(req, config = {}) {
     const allowHeaders = allowedHeaderItems.join(", ");
 
     return {
-        "Access-Control-Allow-Origin": origin === "*" ? req.headers.get("origin") || "*" : origin,
-        "Access-Control-Allow-Methods": merged.methods,
+        "Access-Control-Allow-Origin": origin === "*" && allowCredentials === "false" ? req.headers.get("origin") || "*" : origin,
+        "Access-Control-Allow-Methods": config.methods,
         "Access-Control-Allow-Headers": allowHeaders,
-        "Access-Control-Expose-Headers": merged.exposedHeaders,
-        "Access-Control-Max-Age": String(merged.maxAge),
-        "Access-Control-Allow-Credentials": merged.credentials
+        "Access-Control-Expose-Headers": config.exposedHeaders,
+        "Access-Control-Max-Age": String(config.maxAge),
+        "Access-Control-Allow-Credentials": allowCredentials
     };
 }

package/apis/tongJi/cacheHealth.js

@@ -1,192 +0,0 @@
-import { getDateYmdNumber } from "#befly/utils/datetime.js";
-
-import { getTongJiMonthStartDate, getTongJiNumber, getTongJiWeekStartDate } from "./_tongJi.js";
-
-const ONLINE_ACTIVE_KEY = "online:active";
-const INFO_STATS_FALLBACK_COUNT_KEY = "stats:fallback:infoStats:count";
-const ERROR_STATS_FALLBACK_COUNT_KEY = "stats:fallback:errorStats:count";
-
-function getInfoStatsFallbackDailyCountKey(reportDate) {
-    return `stats:fallback:infoStats:count:day:${reportDate}`;
-}
-
-function getErrorStatsFallbackDailyCountKey(reportDate) {
-    return `stats:fallback:errorStats:count:day:${reportDate}`;
-}
-
-function getOnlineReportTimeKey(periodType, periodValue) {
-    return `online:${periodType}:${periodValue}:reportTime`;
-}
-
-function getInfoReportTimeKey(periodType, periodValue) {
-    return `info:${periodType}:${periodValue}:reportTime`;
-}
-
-function getErrorCountKey(periodType, periodValue) {
-    return `error:${periodType}:${periodValue}:count`;
-}
-
-async function getRedisStringNumber(redis, key) {
-    return getTongJiNumber(await redis.getString(key));
-}
-
-async function getRedisSetCount(redis, key) {
-    if (typeof redis.scard !== "function") {
-        return 0;
-    }
-
-    return getTongJiNumber(await redis.scard(key));
-}
-
-async function getRedisSortedSetCount(redis, key) {
-    if (typeof redis.zcard !== "function") {
-        return 0;
-    }
-
-    return getTongJiNumber(await redis.zcard(key));
-}
-
-async function getRedisConnectivity(redis) {
-    if (!redis || typeof redis.ping !== "function") {
-        return {
-            status: "unavailable",
-            responseTime: -1
-        };
-    }
-
-    try {
-        const start = Date.now();
-        await redis.ping();
-
-        return {
-            status: "running",
-            responseTime: Date.now() - start
-        };
-    } catch {
-        return {
-            status: "stopped",
-            responseTime: -1
-        };
-    }
-}
-
-export default {
-    name: "获取统计缓存健康状态",
-    method: "POST",
-    body: "none",
-    auth: true,
-    fields: {},
-    required: [],
-    handler: async (befly) => {
-        const now = Date.now();
-        const reportDate = getDateYmdNumber(now);
-        const weekStartDate = getTongJiWeekStartDate(now);
-        const monthStartDate = getTongJiMonthStartDate(now);
-        const redisConnectivity = await getRedisConnectivity(befly.redis);
-
-        if (!befly.redis) {
-            return befly.tool.Yes("获取成功", {
-                queryTime: now,
-                redis: redisConnectivity,
-                online: null,
-                info: null,
-                error: null,
-                roleCache: null,
-                hints: ["Redis 不可用，统计接口将回退到 MySQL 聚合"]
-            });
-        }
-
-        const onlineTodayReportTime = await getRedisStringNumber(befly.redis, getOnlineReportTimeKey("day", reportDate));
-        const onlineWeekReportTime = await getRedisStringNumber(befly.redis, getOnlineReportTimeKey("week", weekStartDate));
-        const onlineMonthReportTime = await getRedisStringNumber(befly.redis, getOnlineReportTimeKey("month", monthStartDate));
-
-        const infoTodayReportTime = await getRedisStringNumber(befly.redis, getInfoReportTimeKey("day", reportDate));
-        const infoWeekReportTime = await getRedisStringNumber(befly.redis, getInfoReportTimeKey("week", weekStartDate));
-        const infoMonthReportTime = await getRedisStringNumber(befly.redis, getInfoReportTimeKey("month", monthStartDate));
-
-        const errorDayCount = await getRedisStringNumber(befly.redis, getErrorCountKey("day", reportDate));
-        const errorWeekCount = await getRedisStringNumber(befly.redis, getErrorCountKey("week", weekStartDate));
-        const errorMonthCount = await getRedisStringNumber(befly.redis, getErrorCountKey("month", monthStartDate));
-
-        const roleApisVersion = String((await befly.redis.getString("role:apis:activeVersion")) || "");
-        const roleMenusVersion = String((await befly.redis.getString("role:menus:activeVersion")) || "");
-
-        const online = {
-            activeMembers: await getRedisSortedSetCount(befly.redis, ONLINE_ACTIVE_KEY),
-            reportTime: {
-                today: onlineTodayReportTime,
-                week: onlineWeekReportTime,
-                month: onlineMonthReportTime
-            },
-            ready: onlineTodayReportTime > 0 || onlineWeekReportTime > 0 || onlineMonthReportTime > 0
-        };
-
-        const info = {
-            reportTime: {
-                today: infoTodayReportTime,
-                week: infoWeekReportTime,
-                month: infoMonthReportTime
-            },
-            daySourcesCount: await getRedisSetCount(befly.redis, `info:day:${reportDate}:sources:names`),
-            ready: infoTodayReportTime > 0 || infoWeekReportTime > 0 || infoMonthReportTime > 0
-        };
-
-        const error = {
-            count: {
-                today: errorDayCount,
-                week: errorWeekCount,
-                month: errorMonthCount
-            },
-            ready: errorDayCount > 0 || errorWeekCount > 0 || errorMonthCount > 0
-        };
-
-        const roleCache = {
-            apis: {
-                activeVersion: roleApisVersion,
-                ready: roleApisVersion.length > 0
-            },
-            menus: {
-                activeVersion: roleMenusVersion,
-                ready: roleMenusVersion.length > 0
-            }
-        };
-
-        const fallback = {
-            infoStats: await getRedisStringNumber(befly.redis, INFO_STATS_FALLBACK_COUNT_KEY),
-            errorStats: await getRedisStringNumber(befly.redis, ERROR_STATS_FALLBACK_COUNT_KEY),
-            today: {
-                infoStats: await getRedisStringNumber(befly.redis, getInfoStatsFallbackDailyCountKey(reportDate)),
-                errorStats: await getRedisStringNumber(befly.redis, getErrorStatsFallbackDailyCountKey(reportDate))
-            }
-        };
-
-        const hints = [];
-
-        if (!online.ready) {
-            hints.push("online 统计预聚合尚未建立，onlineStats 将返回空或低命中结果");
-        }
-        if (!info.ready) {
-            hints.push("info 统计预聚合尚未建立，infoStats 将回退到 MySQL 聚合");
-        }
-        if (!error.ready) {
-            hints.push("error 统计预聚合尚未建立，errorStats 将回退到 MySQL 聚合");
-        }
-        if (!roleCache.apis.ready || !roleCache.menus.ready) {
-            hints.push("角色权限版本缓存未就绪，建议执行一次 cacheRefresh");
-        }
-        if (fallback.infoStats > 0 || fallback.errorStats > 0) {
-            hints.push("检测到统计查询回退到 MySQL，可关注预聚合写入是否稳定，必要时可执行 tongJi/fallbackReset 重置观测计数");
-        }
-
-        return befly.tool.Yes("获取成功", {
-            queryTime: now,
-            redis: redisConnectivity,
-            online: online,
-            info: info,
-            error: error,
-            roleCache: roleCache,
-            fallback: fallback,
-            hints: hints
-        });
-    }
-};

package/apis/tongJi/fallbackReset.js

@@ -1,61 +0,0 @@
-import { getDateYmdNumber } from "#befly/utils/datetime.js";
-
-import { getTongJiNumber } from "./_tongJi.js";
-
-const INFO_STATS_FALLBACK_COUNT_KEY = "stats:fallback:infoStats:count";
-const ERROR_STATS_FALLBACK_COUNT_KEY = "stats:fallback:errorStats:count";
-
-function getInfoStatsFallbackDailyCountKey(reportDate) {
-    return `stats:fallback:infoStats:count:day:${reportDate}`;
-}
-
-function getErrorStatsFallbackDailyCountKey(reportDate) {
-    return `stats:fallback:errorStats:count:day:${reportDate}`;
-}
-
-export default {
-    name: "重置统计回退计数",
-    method: "POST",
-    body: "none",
-    auth: true,
-    fields: {},
-    required: [],
-    handler: async (befly) => {
-        if (!befly.redis) {
-            return befly.tool.No("Redis 不可用，无法重置", {
-                reset: false
-            });
-        }
-
-        const reportDate = getDateYmdNumber(Date.now());
-        const infoDailyKey = getInfoStatsFallbackDailyCountKey(reportDate);
-        const errorDailyKey = getErrorStatsFallbackDailyCountKey(reportDate);
-        const resetKeys = [INFO_STATS_FALLBACK_COUNT_KEY, ERROR_STATS_FALLBACK_COUNT_KEY, infoDailyKey, errorDailyKey];
-        const before = {
-            infoStats: getTongJiNumber(await befly.redis.getString(INFO_STATS_FALLBACK_COUNT_KEY)),
-            errorStats: getTongJiNumber(await befly.redis.getString(ERROR_STATS_FALLBACK_COUNT_KEY)),
-            today: {
-                infoStats: getTongJiNumber(await befly.redis.getString(infoDailyKey)),
-                errorStats: getTongJiNumber(await befly.redis.getString(errorDailyKey))
-            }
-        };
-
-        const removedCount = await befly.redis.delBatch(resetKeys);
-
-        return befly.tool.Yes("重置成功", {
-            reset: true,
-            reportDate: reportDate,
-            removedCount: getTongJiNumber(removedCount),
-            keys: resetKeys,
-            before: before,
-            after: {
-                infoStats: 0,
-                errorStats: 0,
-                today: {
-                    infoStats: 0,
-                    errorStats: 0
-                }
-            }
-        });
-    }
-};

package/tables/infoReport.json

@@ -1,123 +0,0 @@
-{
-    "id": {
-        "name": "ID",
-        "input": "integer",
-        "min": 1,
-        "max": null
-    },
-    "reportTime": {
-        "name": "上报时间",
-        "input": "number"
-    },
-    "reportDate": {
-        "name": "上报日期",
-        "input": "number"
-    },
-    "memberKey": {
-        "name": "成员标识",
-        "input": "string",
-        "max": 100
-    },
-    "source": {
-        "name": "来源",
-        "input": "string",
-        "max": 50
-    },
-    "productName": {
-        "name": "产品名称",
-        "input": "string",
-        "max": 100
-    },
-    "productCode": {
-        "name": "产品代号",
-        "input": "string",
-        "max": 100
-    },
-    "productVersion": {
-        "name": "产品版本",
-        "input": "string",
-        "max": 100
-    },
-    "pagePath": {
-        "name": "页面路径",
-        "input": "string",
-        "max": 200
-    },
-    "pageName": {
-        "name": "页面名称",
-        "input": "string",
-        "max": 100
-    },
-    "detail": {
-        "name": "扩展详情",
-        "input": "string"
-    },
-    "userAgent": {
-        "name": "用户代理",
-        "input": "string",
-        "max": 500
-    },
-    "browserName": {
-        "name": "浏览器名称",
-        "input": "string",
-        "max": 100
-    },
-    "browserVersion": {
-        "name": "浏览器版本",
-        "input": "string",
-        "max": 100
-    },
-    "osName": {
-        "name": "操作系统名称",
-        "input": "string",
-        "max": 100
-    },
-    "osVersion": {
-        "name": "操作系统版本",
-        "input": "string",
-        "max": 100
-    },
-    "deviceType": {
-        "name": "设备类型",
-        "input": "string",
-        "max": 50
-    },
-    "deviceVendor": {
-        "name": "设备厂商",
-        "input": "string",
-        "max": 100
-    },
-    "deviceModel": {
-        "name": "设备型号",
-        "input": "string",
-        "max": 100
-    },
-    "engineName": {
-        "name": "引擎名称",
-        "input": "string",
-        "max": 100
-    },
-    "cpuArchitecture": {
-        "name": "CPU架构",
-        "input": "string",
-        "max": 100
-    },
-    "state": {
-        "name": "状态",
-        "input": "integer",
-        "min": 0,
-        "max": 2
-    },
-    "createdAt": {
-        "name": "创建时间",
-        "input": "number"
-    },
-    "updatedAt": {
-        "name": "更新时间",
-        "input": "number"
-    },
-    "deletedAt": {
-        "name": "删除时间",
-        "input": "number"
-    }
-}