bunsane 0.2.9 → 0.3.0

Files changed (56)
  1. package/CHANGELOG.md +266 -0
  2. package/config/cache.config.ts +12 -2
  3. package/core/App.ts +390 -66
  4. package/core/ApplicationLifecycle.ts +68 -4
  5. package/core/Entity.ts +407 -256
  6. package/core/EntityHookManager.ts +88 -21
  7. package/core/EntityManager.ts +12 -3
  8. package/core/Logger.ts +4 -0
  9. package/core/RequestContext.ts +4 -1
  10. package/core/SchedulerManager.ts +92 -9
  11. package/core/cache/CacheFactory.ts +3 -1
  12. package/core/cache/CacheManager.ts +54 -17
  13. package/core/cache/RedisCache.ts +38 -3
  14. package/core/decorators/EntityHooks.ts +24 -12
  15. package/core/middleware/RateLimit.ts +105 -0
  16. package/core/middleware/index.ts +1 -0
  17. package/core/remote/CircuitBreaker.ts +115 -0
  18. package/core/remote/OutboxWorker.ts +183 -0
  19. package/core/remote/RemoteManager.ts +400 -0
  20. package/core/remote/RpcCaller.ts +310 -0
  21. package/core/remote/StreamConsumer.ts +535 -0
  22. package/core/remote/decorators.ts +121 -0
  23. package/core/remote/health.ts +139 -0
  24. package/core/remote/index.ts +37 -0
  25. package/core/remote/metrics.ts +99 -0
  26. package/core/remote/outboxSchema.ts +41 -0
  27. package/core/remote/types.ts +151 -0
  28. package/core/scheduler/DistributedLock.ts +324 -266
  29. package/gql/builders/ResolverBuilder.ts +4 -4
  30. package/gql/complexityLimit.ts +95 -0
  31. package/gql/index.ts +15 -3
  32. package/gql/visitors/ResolverGeneratorVisitor.ts +16 -2
  33. package/package.json +1 -1
  34. package/query/ComponentInclusionNode.ts +13 -6
  35. package/query/OrNode.ts +2 -4
  36. package/query/Query.ts +30 -3
  37. package/query/SqlIdentifier.ts +105 -0
  38. package/query/builders/FullTextSearchBuilder.ts +19 -6
  39. package/service/ServiceRegistry.ts +21 -8
  40. package/storage/LocalStorageProvider.ts +12 -3
  41. package/storage/S3StorageProvider.ts +6 -6
  42. package/tests/e2e/http.test.ts +6 -2
  43. package/tests/helpers/MockRedisClient.ts +113 -0
  44. package/tests/helpers/MockRedisStreamServer.ts +448 -0
  45. package/tests/integration/entity/Entity.saveTimeout.test.ts +110 -0
  46. package/tests/integration/remote/dlq.test.ts +175 -0
  47. package/tests/integration/remote/event-dispatch.test.ts +114 -0
  48. package/tests/integration/remote/outbox.test.ts +130 -0
  49. package/tests/integration/remote/rpc.test.ts +177 -0
  50. package/tests/unit/remote/CircuitBreaker.test.ts +159 -0
  51. package/tests/unit/remote/RemoteError.test.ts +55 -0
  52. package/tests/unit/remote/decorators.test.ts +195 -0
  53. package/tests/unit/remote/metrics.test.ts +115 -0
  54. package/tests/unit/remote/mockRedisStreamServer.test.ts +104 -0
  55. package/tests/unit/storage/S3StorageProvider.test.ts +6 -10
  56. package/upload/FileValidator.ts +9 -6
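--- a/package/upload/FileValidator.ts
+++ b/package/upload/FileValidator.ts
@@ -258,31 +258,34 @@ export class FileValidator {
  * Check if file is potentially dangerous
  */
  public async isDangerous(file: File): Promise<boolean> {
- // Check for executable file extensions
  const dangerousExtensions = [
  '.exe', '.scr', '.bat', '.cmd', '.com', '.pif', '.vbs', '.js', '.jar',
- '.sh', '.py', '.pl', '.php', '.asp', '.aspx', '.jsp'
+ '.sh', '.py', '.pl', '.php', '.asp', '.aspx', '.jsp',
+ '.svg',
  ];
+ const dangerousMimeTypes = ['image/svg+xml'];
 
  const extension = this.getFileExtension(file.name);
  if (dangerousExtensions.includes(extension)) {
  return true;
  }
+ if (dangerousMimeTypes.includes(file.type)) {
+ return true;
+ }
 
- // Check for polyglot files (files that are valid in multiple formats)
  try {
  const buffer = await file.slice(0, 1024).arrayBuffer();
  const bytes = new Uint8Array(buffer);
  const content = new TextDecoder().decode(bytes);
-
- // Look for script patterns
+
  const scriptPatterns = [
  /<script/i,
  /javascript:/i,
  /vbscript:/i,
  /<iframe/i,
  /<object/i,
- /<embed/i
+ /<embed/i,
+ /on[a-z]+\s*=/i,
  ];
 
  return scriptPatterns.some(pattern => pattern.test(content));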
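Review bot: The added `/on[a-z]+\s*=/i` pattern has no left boundary, so it also matches inside ordinary tokens such as `content=` or `config =`; because the scan runs over the first 1024 bytes of every upload, benign text and XML files are likely to be reported as dangerous. Anchoring it, for example `/(?:^|[\s"'\/])on[a-z]+\s*=/i`, keeps the event-handler check while cutting those false positives. The new `dangerousMimeTypes.includes(file.type)` test compares a client-supplied value exactly, so a differently cased value or one carrying parameters would not match; normalising first with `file.type.split(';')[0].trim().toLowerCase()` is safer, and it is worth confirming that `getFileExtension` lower-cases its result for the same reason. Since only the first 1024 bytes are inspected, the doc comment should describe this method as a heuristic pre-filter rather than a guarantee that an upload is safe to serve inline. The body of `isDangerous` continues past the end of the hunk.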