blockmine 1.25.0 → 1.27.0

package/backend/src/core/services/__tests__/CacheManager.test.js

@@ -0,0 +1,168 @@
+const CacheManager = require('../CacheManager');
+
+describe('CacheManager', () => {
+    let cache;
+
+    beforeEach(() => {
+        cache = new CacheManager();
+    });
+
+    describe('getMetrics', () => {
+        it('returns zero metrics on init', () => {
+            const metrics = cache.getMetrics();
+            expect(metrics.tokenCache).toEqual({ hits: 0, misses: 0, hitRate: 0 });
+            expect(metrics.playerListCache).toEqual({ hits: 0, misses: 0, hitRate: 0 });
+            expect(metrics.botConfigsCache).toEqual({ hits: 0, misses: 0, hitRate: 0 });
+        });
+
+        it('tracks tokenCache hits and misses', () => {
+            cache.setToken('tok1', { user: 'alice' });
+            cache.getToken('tok1');
+            cache.getToken('tok-missing');
+
+            const { tokenCache } = cache.getMetrics();
+            expect(tokenCache.hits).toBe(1);
+            expect(tokenCache.misses).toBe(1);
+            expect(tokenCache.hitRate).toBe(0.5);
+        });
+
+        it('tracks playerListCache hits and misses', () => {
+            cache.setPlayerList(1, ['player1']);
+            cache.getPlayerList(1);
+            cache.getPlayerList(999);
+
+            const { playerListCache } = cache.getMetrics();
+            expect(playerListCache.hits).toBe(1);
+            expect(playerListCache.misses).toBe(1);
+            expect(playerListCache.hitRate).toBe(0.5);
+        });
+
+        it('tracks botConfigsCache hits and misses', () => {
+            cache.setBotConfig(1, { commands: new Map() });
+            cache.getBotConfig(1);
+            cache.getBotConfig(999);
+
+            const { botConfigsCache } = cache.getMetrics();
+            expect(botConfigsCache.hits).toBe(1);
+            expect(botConfigsCache.misses).toBe(1);
+            expect(botConfigsCache.hitRate).toBe(0.5);
+        });
+
+        it('computes hitRate as 1 when all are hits', () => {
+            cache.setToken('t', 'v');
+            cache.getToken('t');
+            cache.getToken('t');
+
+            const { tokenCache } = cache.getMetrics();
+            expect(tokenCache.hitRate).toBe(1);
+        });
+
+        it('computes hitRate as 0 when all are misses', () => {
+            cache.getToken('nope');
+            cache.getToken('nope2');
+
+            const { tokenCache } = cache.getMetrics();
+            expect(tokenCache.hitRate).toBe(0);
+            expect(tokenCache.hits).toBe(0);
+            expect(tokenCache.misses).toBe(2);
+        });
+    });
+
+    describe('resetMetrics', () => {
+        it('resets all counters to zero', () => {
+            cache.setToken('t', 'v');
+            cache.getToken('t');
+            cache.getToken('missing');
+            cache.setPlayerList(1, []);
+            cache.getPlayerList(1);
+
+            cache.resetMetrics();
+
+            const metrics = cache.getMetrics();
+            expect(metrics.tokenCache).toEqual({ hits: 0, misses: 0, hitRate: 0 });
+            expect(metrics.playerListCache).toEqual({ hits: 0, misses: 0, hitRate: 0 });
+            expect(metrics.botConfigsCache).toEqual({ hits: 0, misses: 0, hitRate: 0 });
+        });
+    });
+
+    describe('checkMemoryUsage', () => {
+        it('returns heapUsed, threshold, and exceeded fields', () => {
+            const result = cache.checkMemoryUsage();
+            expect(typeof result.heapUsed).toBe('number');
+            expect(typeof result.threshold).toBe('number');
+            expect(typeof result.exceeded).toBe('boolean');
+        });
+
+        it('does not clear playerListCache when under threshold', () => {
+            cache.memoryThreshold = Number.MAX_SAFE_INTEGER;
+            cache.setPlayerList(1, ['player1']);
+
+            const result = cache.checkMemoryUsage();
+
+            expect(result.exceeded).toBe(false);
+            expect(cache.getPlayerList(1)).toEqual(['player1']);
+        });
+
+        it('clears playerListCache when threshold is exceeded', () => {
+            cache.memoryThreshold = 1;
+            cache.setPlayerList(1, ['player1']);
+            cache.setPlayerList(2, ['player2']);
+
+            const result = cache.checkMemoryUsage();
+
+            expect(result.exceeded).toBe(true);
+            expect(cache.playerListCache.size).toBe(0);
+        });
+
+        it('logs a warning when threshold is exceeded', () => {
+            const logger = { warn: jest.fn() };
+            cache = new CacheManager({ logger });
+            cache.memoryThreshold = 1;
+
+            cache.checkMemoryUsage();
+
+            expect(logger.warn).toHaveBeenCalledWith(
+                expect.objectContaining({ threshold: 1 }),
+                expect.any(String)
+            );
+        });
+
+        it('does not log when no logger is provided', () => {
+            cache.memoryThreshold = 1;
+            expect(() => cache.checkMemoryUsage()).not.toThrow();
+        });
+    });
+
+    describe('backward compatibility', () => {
+        it('getToken/setToken/deleteToken work as before', () => {
+            cache.setToken('abc', { id: 1 });
+            expect(cache.getToken('abc')).toEqual({ id: 1 });
+            cache.deleteToken('abc');
+            expect(cache.getToken('abc')).toBeUndefined();
+        });
+
+        it('getPlayerList/setPlayerList work as before', () => {
+            cache.setPlayerList(42, ['a', 'b']);
+            expect(cache.getPlayerList(42)).toEqual(['a', 'b']);
+        });
+
+        it('getBotConfig/setBotConfig/deleteBotConfig work as before', () => {
+            cache.setBotConfig(7, { commands: new Map() });
+            expect(cache.getBotConfig(7)).toBeDefined();
+            cache.deleteBotConfig(7);
+            expect(cache.getBotConfig(7)).toBeUndefined();
+        });
+
+        it('clearBotCache removes both playerList and botConfig', () => {
+            cache.setPlayerList(5, ['x']);
+            cache.setBotConfig(5, { commands: new Map() });
+            cache.clearBotCache(5);
+            expect(cache.getPlayerList(5)).toBeUndefined();
+            expect(cache.getBotConfig(5)).toBeUndefined();
+        });
+
+        it('botConfigsCache remains a Map', () => {
+            expect(cache.botConfigsCache).toBeInstanceOf(Map);
+        });
+    });
+});

package/backend/src/core/services.js

@@ -1,22 +1,12 @@
-const { asValue } = require('awilix');
 const configureContainer = require('../container');
 
 const container = configureContainer();
 
-const BotManager = require('./BotManager');
-const botManager = new BotManager(container.cradle);
-
-// Регистрируем botManager в контейнере для PluginManager
-container.register({
-    botManager: asValue(botManager)
-});
-
+const botManager = container.resolve('botManager');
 const pluginManager = container.resolve('pluginManager');
 const eventGraphManager = container.resolve('eventGraphManager');
 
-// EventGraphManager требует botManager через setter из-за циклической зависимости
 eventGraphManager.setBotManager(botManager);
-
 botManager.initialize();
 
 module.exports = {

package/backend/src/core/validation/InputValidator.js

@@ -0,0 +1,167 @@
+const SEMVER_PATTERN = /^\d+\.\d+\.\d+(-[\w.]+)?(\+[\w.]+)?$/;
+
+const DANGEROUS_PATTERNS = [
+    /<script\b[^>]*>[\s\S]*?<\/script(?:\s+[^>]*)?\s*>/gi,
+    /<[^>]+on\w+\s*=\s*["'][^"']*["'][^>]*>/gi,
+    /javascript\s*:/gi,
+    /vbscript\s*:/gi,
+    /union\s+select/gi,
+    /drop\s+table/gi,
+    /insert\s+into/gi,
+    /delete\s+from/gi,
+    /update\s+\w+\s+set/gi,
+    /exec\s*\(/gi,
+    /xp_cmdshell/gi,
+    /\.\.[/\\]/g,
+    /[/\\]\.\./g,
+];
+
+function sanitizeString(value) {
+    if (typeof value !== 'string') return '';
+    let result = value;
+    for (const pattern of DANGEROUS_PATTERNS) {
+        result = result.replace(pattern, '');
+    }
+    return result;
+}
+
+function validateString(value, options = {}) {
+    const { minLength, maxLength, pattern, required } = options;
+
+    if (value === undefined || value === null || value === '') {
+        if (required) {
+            return { valid: false, value: '', error: 'validation.string.required' };
+        }
+        return { valid: true, value: '' };
+    }
+
+    if (typeof value !== 'string') {
+        return { valid: false, value: '', error: 'validation.string.type' };
+    }
+
+    const sanitized = sanitizeString(value);
+
+    if (minLength !== undefined && sanitized.length < minLength) {
+        return { valid: false, value: sanitized, error: 'validation.string.minLength' };
+    }
+
+    if (maxLength !== undefined && sanitized.length > maxLength) {
+        return { valid: false, value: sanitized, error: 'validation.string.maxLength' };
+    }
+
+    if (pattern !== undefined && !pattern.test(sanitized)) {
+        return { valid: false, value: sanitized, error: 'validation.string.pattern' };
+    }
+
+    return { valid: true, value: sanitized };
+}
+
+function validateInteger(value, options = {}) {
+    const { min, max, required } = options;
+
+    if (value === undefined || value === null || value === '') {
+        if (required) {
+            return { valid: false, value: 0, error: 'validation.integer.required' };
+        }
+        return { valid: true, value: 0 };
+    }
+
+    const parsed = Number(value);
+
+    if (!Number.isInteger(parsed)) {
+        return { valid: false, value: 0, error: 'validation.integer.type' };
+    }
+
+    if (min !== undefined && parsed < min) {
+        return { valid: false, value: parsed, error: 'validation.integer.min' };
+    }
+
+    if (max !== undefined && parsed > max) {
+        return { valid: false, value: parsed, error: 'validation.integer.max' };
+    }
+
+    return { valid: true, value: parsed };
+}
+
+function validatePluginManifest(manifest) {
+    const errors = [];
+
+    if (!manifest || typeof manifest !== 'object') {
+        return { valid: false, errors: ['validation.manifest.type'] };
+    }
+
+    if (!manifest.name || typeof manifest.name !== 'string' || manifest.name.trim() === '') {
+        errors.push('validation.manifest.name.required');
+    }
+
+    if (!manifest.version || typeof manifest.version !== 'string') {
+        errors.push('validation.manifest.version.required');
+    } else if (!SEMVER_PATTERN.test(manifest.version)) {
+        errors.push('validation.manifest.version.semver');
+    }
+
+    if (!manifest.main || typeof manifest.main !== 'string' || manifest.main.trim() === '') {
+        errors.push('validation.manifest.main.required');
+    }
+
+    if (manifest.description !== undefined && typeof manifest.description !== 'string') {
+        errors.push('validation.manifest.description.type');
+    }
+
+    if (manifest.dependencies !== undefined && (typeof manifest.dependencies !== 'object' || Array.isArray(manifest.dependencies))) {
+        errors.push('validation.manifest.dependencies.type');
+    }
+
+    if (manifest.settings !== undefined && (typeof manifest.settings !== 'object' || Array.isArray(manifest.settings))) {
+        errors.push('validation.manifest.settings.type');
+    }
+
+    return { valid: errors.length === 0, errors };
+}
+
+function validateBotConfig(config) {
+    const errors = [];
+
+    if (!config || typeof config !== 'object') {
+        return { valid: false, errors: ['validation.botConfig.type'] };
+    }
+
+    const hostResult = validateString(config.host, { required: true, minLength: 1 });
+    if (!hostResult.valid) {
+        errors.push('validation.botConfig.host.required');
+    }
+
+    const portResult = validateInteger(config.port, { required: true, min: 1, max: 65535 });
+    if (!portResult.valid) {
+        errors.push(portResult.error === 'validation.integer.required'
+            ? 'validation.botConfig.port.required'
+            : 'validation.botConfig.port.range');
+    }
+
+    const usernameResult = validateString(config.username, { required: true, minLength: 1 });
+    if (!usernameResult.valid) {
+        errors.push('validation.botConfig.username.required');
+    }
+
+    if (config.password !== undefined && typeof config.password !== 'string') {
+        errors.push('validation.botConfig.password.type');
+    }
+
+    if (config.version !== undefined && typeof config.version !== 'string') {
+        errors.push('validation.botConfig.version.type');
+    }
+
+    if (config.proxy !== undefined && typeof config.proxy !== 'object') {
+        errors.push('validation.botConfig.proxy.type');
+    }
+
+    return { valid: errors.length === 0, errors };
+}
+
+module.exports = {
+    validateString,
+    validateInteger,
+    validatePluginManifest,
+    validateBotConfig,
+    sanitizeString,
+};

package/backend/src/core/validation/__tests__/InputValidator.test.js

@@ -0,0 +1,296 @@
+const {
+    validateString,
+    validateInteger,
+    validatePluginManifest,
+    validateBotConfig,
+    sanitizeString,
+} = require('../InputValidator');
+
+describe('InputValidator', () => {
+    describe('sanitizeString', () => {
+        it('removes script tags', () => {
+            const result = sanitizeString('<script>alert("xss")</script>hello');
+            expect(result).not.toContain('<script>');
+            expect(result).toContain('hello');
+        });
+
+        it('removes SQL injection patterns', () => {
+            const result = sanitizeString("1 UNION SELECT * FROM users");
+            expect(result.toLowerCase()).not.toContain('union select');
+        });
+
+        it('removes path traversal patterns', () => {
+            const result = sanitizeString('../../etc/passwd');
+            expect(result).not.toContain('../');
+        });
+
+        it('removes javascript: protocol', () => {
+            const result = sanitizeString('javascript:alert(1)');
+            expect(result.toLowerCase()).not.toContain('javascript:');
+        });
+
+        it('returns empty string for non-string input', () => {
+            expect(sanitizeString(null)).toBe('');
+            expect(sanitizeString(undefined)).toBe('');
+            expect(sanitizeString(123)).toBe('');
+        });
+
+        it('returns clean string unchanged', () => {
+            expect(sanitizeString('hello world')).toBe('hello world');
+        });
+    });
+
+    describe('validateString', () => {
+        it('returns valid for a normal string', () => {
+            const result = validateString('hello');
+            expect(result.valid).toBe(true);
+            expect(result.value).toBe('hello');
+        });
+
+        it('returns error when required and empty', () => {
+            const result = validateString('', { required: true });
+            expect(result.valid).toBe(false);
+            expect(result.error).toBe('validation.string.required');
+        });
+
+        it('returns valid when not required and empty', () => {
+            const result = validateString('');
+            expect(result.valid).toBe(true);
+        });
+
+        it('returns error when below minLength', () => {
+            const result = validateString('ab', { minLength: 5 });
+            expect(result.valid).toBe(false);
+            expect(result.error).toBe('validation.string.minLength');
+        });
+
+        it('returns error when above maxLength', () => {
+            const result = validateString('hello world', { maxLength: 5 });
+            expect(result.valid).toBe(false);
+            expect(result.error).toBe('validation.string.maxLength');
+        });
+
+        it('returns error when pattern does not match', () => {
+            const result = validateString('abc123', { pattern: /^\d+$/ });
+            expect(result.valid).toBe(false);
+            expect(result.error).toBe('validation.string.pattern');
+        });
+
+        it('returns valid when pattern matches', () => {
+            const result = validateString('12345', { pattern: /^\d+$/ });
+            expect(result.valid).toBe(true);
+        });
+
+        it('sanitizes dangerous content', () => {
+            const result = validateString('<script>alert(1)</script>safe');
+            expect(result.valid).toBe(true);
+            expect(result.value).not.toContain('<script>');
+        });
+
+        it('returns error for non-string type', () => {
+            const result = validateString(42);
+            expect(result.valid).toBe(false);
+            expect(result.error).toBe('validation.string.type');
+        });
+    });
+
+    describe('validateInteger', () => {
+        it('returns valid for a normal integer', () => {
+            const result = validateInteger(5);
+            expect(result.valid).toBe(true);
+            expect(result.value).toBe(5);
+        });
+
+        it('parses string integers', () => {
+            const result = validateInteger('42');
+            expect(result.valid).toBe(true);
+            expect(result.value).toBe(42);
+        });
+
+        it('returns error when required and missing', () => {
+            const result = validateInteger(undefined, { required: true });
+            expect(result.valid).toBe(false);
+            expect(result.error).toBe('validation.integer.required');
+        });
+
+        it('returns valid when not required and missing', () => {
+            const result = validateInteger(undefined);
+            expect(result.valid).toBe(true);
+        });
+
+        it('returns error for float', () => {
+            const result = validateInteger(3.14);
+            expect(result.valid).toBe(false);
+            expect(result.error).toBe('validation.integer.type');
+        });
+
+        it('returns error when below min', () => {
+            const result = validateInteger(0, { min: 1 });
+            expect(result.valid).toBe(false);
+            expect(result.error).toBe('validation.integer.min');
+        });
+
+        it('returns error when above max', () => {
+            const result = validateInteger(100, { max: 50 });
+            expect(result.valid).toBe(false);
+            expect(result.error).toBe('validation.integer.max');
+        });
+
+        it('returns valid at boundary values', () => {
+            expect(validateInteger(1, { min: 1, max: 65535 }).valid).toBe(true);
+            expect(validateInteger(65535, { min: 1, max: 65535 }).valid).toBe(true);
+        });
+    });
+
+    describe('validatePluginManifest', () => {
+        const validManifest = {
+            name: 'my-plugin',
+            version: '1.0.0',
+            main: 'index.js',
+        };
+
+        it('returns valid for a correct manifest', () => {
+            const result = validatePluginManifest(validManifest);
+            expect(result.valid).toBe(true);
+            expect(result.errors).toHaveLength(0);
+        });
+
+        it('returns error when name is missing', () => {
+            const result = validatePluginManifest({ ...validManifest, name: undefined });
+            expect(result.valid).toBe(false);
+            expect(result.errors).toContain('validation.manifest.name.required');
+        });
+
+        it('returns error when version is not semver', () => {
+            const result = validatePluginManifest({ ...validManifest, version: 'not-semver' });
+            expect(result.valid).toBe(false);
+            expect(result.errors).toContain('validation.manifest.version.semver');
+        });
+
+        it('returns error when main is missing', () => {
+            const result = validatePluginManifest({ ...validManifest, main: '' });
+            expect(result.valid).toBe(false);
+            expect(result.errors).toContain('validation.manifest.main.required');
+        });
+
+        it('accepts optional description', () => {
+            const result = validatePluginManifest({ ...validManifest, description: 'A plugin' });
+            expect(result.valid).toBe(true);
+        });
+
+        it('returns error when description is not a string', () => {
+            const result = validatePluginManifest({ ...validManifest, description: 123 });
+            expect(result.valid).toBe(false);
+            expect(result.errors).toContain('validation.manifest.description.type');
+        });
+
+        it('accepts optional dependencies as object', () => {
+            const result = validatePluginManifest({ ...validManifest, dependencies: { 'other-plugin': '^1.0.0' } });
+            expect(result.valid).toBe(true);
+        });
+
+        it('returns error when dependencies is an array', () => {
+            const result = validatePluginManifest({ ...validManifest, dependencies: [] });
+            expect(result.valid).toBe(false);
+            expect(result.errors).toContain('validation.manifest.dependencies.type');
+        });
+
+        it('accepts optional settings as object', () => {
+            const result = validatePluginManifest({ ...validManifest, settings: { key: 'value' } });
+            expect(result.valid).toBe(true);
+        });
+
+        it('returns error for non-object input', () => {
+            const result = validatePluginManifest(null);
+            expect(result.valid).toBe(false);
+            expect(result.errors).toContain('validation.manifest.type');
+        });
+
+        it('accepts semver with prerelease', () => {
+            const result = validatePluginManifest({ ...validManifest, version: '1.0.0-beta.1' });
+            expect(result.valid).toBe(true);
+        });
+    });
+
+    describe('validateBotConfig', () => {
+        const validConfig = {
+            host: 'localhost',
+            port: 25565,
+            username: 'testbot',
+        };
+
+        it('returns valid for a correct config', () => {
+            const result = validateBotConfig(validConfig);
+            expect(result.valid).toBe(true);
+            expect(result.errors).toHaveLength(0);
+        });
+
+        it('returns error when host is missing', () => {
+            const result = validateBotConfig({ ...validConfig, host: '' });
+            expect(result.valid).toBe(false);
+            expect(result.errors).toContain('validation.botConfig.host.required');
+        });
+
+        it('returns error when port is missing', () => {
+            const result = validateBotConfig({ ...validConfig, port: undefined });
+            expect(result.valid).toBe(false);
+            expect(result.errors).toContain('validation.botConfig.port.required');
+        });
+
+        it('returns error when port is out of range', () => {
+            const result = validateBotConfig({ ...validConfig, port: 0 });
+            expect(result.valid).toBe(false);
+            expect(result.errors).toContain('validation.botConfig.port.range');
+        });
+
+        it('returns error when port exceeds 65535', () => {
+            const result = validateBotConfig({ ...validConfig, port: 70000 });
+            expect(result.valid).toBe(false);
+            expect(result.errors).toContain('validation.botConfig.port.range');
+        });
+
+        it('returns error when username is missing', () => {
+            const result = validateBotConfig({ ...validConfig, username: '' });
+            expect(result.valid).toBe(false);
+            expect(result.errors).toContain('validation.botConfig.username.required');
+        });
+
+        it('accepts optional password', () => {
+            const result = validateBotConfig({ ...validConfig, password: 'secret' });
+            expect(result.valid).toBe(true);
+        });
+
+        it('returns error when password is not a string', () => {
+            const result = validateBotConfig({ ...validConfig, password: 123 });
+            expect(result.valid).toBe(false);
+            expect(result.errors).toContain('validation.botConfig.password.type');
+        });
+
+        it('accepts optional version', () => {
+            const result = validateBotConfig({ ...validConfig, version: '1.19.4' });
+            expect(result.valid).toBe(true);
+        });
+
+        it('accepts optional proxy as object', () => {
+            const result = validateBotConfig({ ...validConfig, proxy: { host: 'proxy.example.com', port: 8080 } });
+            expect(result.valid).toBe(true);
+        });
+
+        it('returns error when proxy is not an object', () => {
+            const result = validateBotConfig({ ...validConfig, proxy: 'proxy.example.com' });
+            expect(result.valid).toBe(false);
+            expect(result.errors).toContain('validation.botConfig.proxy.type');
+        });
+
+        it('returns error for non-object input', () => {
+            const result = validateBotConfig(null);
+            expect(result.valid).toBe(false);
+            expect(result.errors).toContain('validation.botConfig.type');
+        });
+
+        it('accepts port boundary values 1 and 65535', () => {
+            expect(validateBotConfig({ ...validConfig, port: 1 }).valid).toBe(true);
+            expect(validateBotConfig({ ...validConfig, port: 65535 }).valid).toBe(true);
+        });
+    });
+});

package/backend/src/real-time/botApi/index.js

@@ -16,7 +16,7 @@ function initializeBotApiNamespace(io) {
         console.log(`[Bot API] Клиент подключился к боту ID: ${socket.botId} (ключ: ${socket.keyPrefix})`);
 
         socket.join(`bot_${socket.botId}`);
-
+        socket.join(`key_${socket.keyId}`);
 
         const isOnline = botManager.isBotRunning(socket.botId);
         socket.emit('bot:status', { online: isOnline });