chanjs 2.0.16 → 2.0.18

package/config/code.js

@@ -1,4 +1,6 @@
-// 简化的状态码定义（数字作为键）
+/**
+ * @description 状态码定义
+ */
 export const CODE = {
   200: "操作成功", // 成功
   201: "操作失败", // 通用失败
@@ -36,7 +38,9 @@ export const CODE = {
   6009: "数据库连接已关闭，请重试", // 连接已关闭
 };
 
-// 数据库错误码映射（仅映射状态码）
+/**
+ * @description 数据库错误码定义
+ */
 export const DB_ERROR = {
   ECONNREFUSED: 6001,
   ER_ACCESS_DENIED_ERROR: 6002,

package/core/service.js

@@ -1,7 +1,25 @@
 import { success, fail, error } from "../utils/response.js";
 import { CODE } from "../config/code.js";
-// ====================== 共享数据库方法 ======================
-const databaseMethods = {
+
+/**
+ * 数据库服务类
+ */
+class Service {
+  /**
+   * 构造函数
+   * @param {Object} knex - Knex实例
+   * @param {string} model - 表名/模型名
+   */
+  constructor(knex, model) {
+    if (!knex || !model) {
+      throw new Error("Service: knex instance and model name are required");
+    }
+
+    this.knex = knex;
+    this.model = model;
+    this.pageSize = 100;
+  }
+
   /**
    * 查询表所有记录（慎用）
    * @param {Object} query - 查询条件
@@ -18,7 +36,7 @@ const databaseMethods = {
     } catch (err) {
       return error(err);
     }
-  },
+  }
 
   /**
    * 获取单个记录
@@ -36,7 +54,7 @@ const databaseMethods = {
     } catch (err) {
       return error(err);
     }
-  },
+  }
 
   /**
    * 根据ID查询记录
@@ -51,13 +69,13 @@ const databaseMethods = {
       if (field.length > 0) dataQuery = dataQuery.select(field);
       if (len === 1) dataQuery = dataQuery.first();
       else if (len > 1) dataQuery = dataQuery.limit(len);
-      
+
       const res = await dataQuery;
       return success(res || (len === 1 ? {} : []));
     } catch (err) {
       return error(err);
     }
-  },
+  }
 
   /**
    * 创建新记录
@@ -66,18 +84,15 @@ const databaseMethods = {
    */
   async insert(data = {}) {
     try {
-      console.log('data--->',data)
       if (Object.keys(data).length === 0) {
         return fail(CODE[2002], { code: 2002 });
       }
-
-      console.log('this.model--->',this.model)
       const result = await this.knex(this.model).insert(data);
       return success(result?.length > 0 || !!result);
     } catch (err) {
       return error(err);
     }
-  },
+  }
 
   /**
    * 插入多条记录
@@ -94,7 +109,7 @@ const databaseMethods = {
     } catch (err) {
       return error(err);
     }
-  },
+  }
 
   /**
    * 根据指定条件删除记录
@@ -111,7 +126,7 @@ const databaseMethods = {
     } catch (err) {
       return error(err);
     }
-  },
+  }
 
   /**
    * 根据指定条件更新记录
@@ -125,17 +140,12 @@ const databaseMethods = {
       if (!query || !params || Object.keys(query).length === 0) {
         return fail(CODE[2001], { code: 2001 });
       }
-      console.log('query--->',query)
-      console.log('this.model--->',this.model)
-
-      console.log('params---->',params)
       const result = await this.knex(this.model).where(query).update(params);
-      console.log('result--->',result)
       return success(!!result);
     } catch (err) {
       return error(err);
     }
-  },
+  }
 
   /**
    * 批量更新多条记录
@@ -146,7 +156,7 @@ const databaseMethods = {
     if (!Array.isArray(updates) || updates.length === 0) {
       return fail(CODE[2002], { code: 2002 });
     }
-    
+
     const trx = await this.knex.transaction();
     try {
       for (const { query, params } of updates) {
@@ -162,7 +172,7 @@ const databaseMethods = {
       await trx.rollback();
       return error(err);
     }
-  },
+  }
 
   /**
    * 分页查询
@@ -178,7 +188,7 @@ const databaseMethods = {
       const offset = (current - 1) * pageSize;
       let countQuery = this.knex(this.model).count("* as total");
       let dataQuery = this.knex(this.model);
-      
+
       if (Object.keys(query).length > 0) {
         Object.entries(query).forEach(([key, value]) => {
           countQuery = countQuery.where(key, value);
@@ -190,7 +200,7 @@ const databaseMethods = {
 
       const [totalResult, list] = await Promise.all([
         countQuery.first(),
-        dataQuery.offset(offset).limit(pageSize)
+        dataQuery.offset(offset).limit(pageSize),
       ]);
 
       const total = totalResult?.total || 0;
@@ -198,7 +208,7 @@ const databaseMethods = {
     } catch (err) {
       return error(err);
     }
-  },
+  }
 
   /**
    * 计数查询
@@ -209,7 +219,7 @@ const databaseMethods = {
     try {
       let dataQuery = this.knex(this.model);
       if (query.length > 0) {
-        query.forEach(condition => dataQuery = dataQuery.where(condition));
+        query.forEach((condition) => (dataQuery = dataQuery.where(condition)));
       }
       const result = await dataQuery.count("* as total").first();
       return success(Number(result?.total) || 0);
@@ -217,36 +227,6 @@ const databaseMethods = {
       return error(err);
     }
   }
-};
-
-// ====================== 工厂函数 ======================
-/**
- * 创建数据库服务实例
- * @param {Object} knex - Knex实例
- * @param {string} model - 表名/模型名
- * @returns {Object} 数据库服务实例
- */
-export default function Service(knex, model) {
-  if (!knex || !model) {
-    throw new Error('Service: knex instance and model name are required');
-  }
-  
-  // 创建继承数据库方法的轻量对象
-  const service = Object.create(databaseMethods);
-  
-  // 设置实例专属状态（不可写）
-  Object.defineProperties(service, {
-    knex: {
-      value: knex,
-      writable: false,
-      enumerable: true
-    },
-    model: {
-      value: model,
-      writable: false,
-      enumerable: true
-    }
-  });
-  
-  return service;
 }
+
+export default Service;

package/extend/art-template.js

@@ -1,5 +1,5 @@
 const template = requirejs("art-template");
-import dayjs from 'dayjs';
+import dayjs from "dayjs";
 // 注册 dateFormat 函数
 template.defaults.imports.dateFormat = function (date, format) {
   if (!date) {

package/global/import.js

@@ -1,4 +1,3 @@
-
 import fs from "fs/promises";
 import { pathToFileURL } from "url";
 import { createRequire } from "module";
@@ -9,8 +8,8 @@ import { createRequire } from "module";
  * @returns {Promise<object|null>} 模块对象或null
  */
 const importFile = async (filepath) => {
-  if (!filepath || typeof filepath !== 'string') {
-    console.error('错误: 文件路径必须是有效的字符串');
+  if (!filepath || typeof filepath !== "string") {
+    console.error("错误: 文件路径必须是有效的字符串");
     return null;
   }
 
@@ -20,9 +19,9 @@ const importFile = async (filepath) => {
     const module = await import(fileUrl);
     return module.default || module;
   } catch (error) {
-    if (error.code === 'ENOENT') {
+    if (error.code === "ENOENT") {
       console.error(`文件不存在: ${filepath}`);
-    } else if (error.code === 'EACCES') {
+    } else if (error.code === "EACCES") {
       console.error(`没有权限访问文件: ${filepath}`);
     } else {
       console.error(`导入文件时出错 [${filepath}]:`, error.message);
@@ -37,4 +36,4 @@ const importFile = async (filepath) => {
 export const importjs = createRequire(import.meta.url);
 
 global.requirejs = importjs;
-global.importFile = importFile;
+global.importFile = importFile;

package/helper/data-parse.js

@@ -5,53 +5,58 @@
  * @param {string} valueField - 作为值的字段名
  * @returns {Object} 转换后的对象
  */
-export const arrToObj = (arr, keyField = 'config_key', valueField = 'config_value') => {
-    // 输入验证
-    if (!Array.isArray(arr)) {
-      throw new Error('arrToObj 期望接收数组作为第一个参数');
-    }
-    
-    return arr.reduce((result, item) => {
-      if (item && typeof item === 'object') {
-        const key = item[keyField];
-        const value = item[valueField];
-        if (key !== undefined && value !== undefined) {
-          result[key] = value;
-        }
-      }
-      return result;
-    }, {});
-  };
-
+export const arrToObj = (
+  arr,
+  keyField = "config_key",
+  valueField = "config_value"
+) => {
+  // 输入验证
+  if (!Array.isArray(arr)) {
+    throw new Error("arrToObj 期望接收数组作为第一个参数");
+  }
 
-  /**
-   * @description 将字符串中的 JSON 字符串转换为对象
-   * @param {*} obj - 包含 JSON 字符串的对象
-   * @returns 
-   */
-  export function parseJsonFields(obj) {
-    const result = {};
-    for (const key in obj) {
-      if (!obj.hasOwnProperty(key)) continue;
-      const value = obj[key];
-      // 如果是字符串，并且看起来像 JSON（以 { 或 [ 开头）
-      if (typeof value === 'string' && (value.startsWith('{') || value.startsWith('['))) {
-        try {
-          result[key] = JSON.parse(value);
-        } catch (e) {
-          console.warn(`JSON parse failed for field: ${key}`, e);
-          result[key] = value; // 保留原始值
-        }
-      } else {
+  return arr.reduce((result, item) => {
+    if (item && typeof item === "object") {
+      const key = item[keyField];
+      const value = item[valueField];
+      if (key !== undefined && value !== undefined) {
         result[key] = value;
       }
     }
-  
     return result;
+  }, {});
+};
+
+/**
+ * @description 将字符串中的 JSON 字符串转换为对象
+ * @param {*} obj - 包含 JSON 字符串的对象
+ * @returns
+ */
+export function parseJsonFields(obj) {
+  const result = {};
+  for (const key in obj) {
+    if (!obj.hasOwnProperty(key)) continue;
+    const value = obj[key];
+    // 如果是字符串，并且看起来像 JSON（以 { 或 [ 开头）
+    if (
+      typeof value === "string" &&
+      (value.startsWith("{") || value.startsWith("["))
+    ) {
+      try {
+        result[key] = JSON.parse(value);
+      } catch (e) {
+        console.warn(`JSON parse failed for field: ${key}`, e);
+        result[key] = value; // 保留原始值
+      }
+    } else {
+      result[key] = value;
+    }
   }
 
+  return result;
+}
 
-  /**
+/**
  * @param {Array} arr - 原始数据数组
  * @param {number|string} [pid=0] - 根节点父ID
  * @param {string} [idKey='id'] - ID字段名
@@ -59,27 +64,39 @@ export const arrToObj = (arr, keyField = 'config_key', valueField = 'config_valu
  * @param {string} [childrenKey='children'] - 子节点字段名
  * @returns {Array} 树形结构数组
  */
-export function buildTree(arr, pid = 0, idKey = 'id', pidKey = 'pid', childrenKey = 'children') {
+export function buildTree(
+  arr,
+  pid = 0,
+  idKey = "id",
+  pidKey = "pid",
+  childrenKey = "children"
+) {
   // 基础参数校验
   if (!Array.isArray(arr)) return [];
-  
+
   const tree = [];
-  
+
   for (let i = 0; i < arr.length; i++) {
     const item = arr[i];
     // 找到当前层级的节点
     if (item[pidKey] === pid) {
       // 递归查找子节点（通过slice创建子数组，避免重复遍历已处理项）
-      const children = buildTree(arr.slice(i + 1), item[idKey], idKey, pidKey, childrenKey);
-      
+      const children = buildTree(
+        arr.slice(i + 1),
+        item[idKey],
+        idKey,
+        pidKey,
+        childrenKey
+      );
+
       // 有子节点则添加，避免空数组
       if (children.length) {
         item[childrenKey] = children;
       }
-      
+
       tree.push(item);
     }
   }
-  
+
   return tree;
 }

package/helper/db.js

@@ -19,7 +19,7 @@ const getDefaultErrorMessage = (error) => {
   }
   return "数据库发生未知错误，请稍后重试。";
 };
-export const db =({
+export const db = ({
   client = "mysql2",
   host = "127.0.0.1",
   user = "root",
@@ -30,8 +30,8 @@ export const db =({
   charset = "utf8mb4",
   min = 0,
   max = 2,
-  filename=''
-}) =>{
+  filename = "",
+}) => {
   let config = {
     client,
     connection: {
@@ -40,20 +40,23 @@ export const db =({
       user,
       password,
       database,
-      charset
+      charset,
     },
     debug,
     pool: {
       //默认为{min: 2, max: 10},连接池配置
       min,
       max,
-       // 添加连接池错误处理
-       afterCreate: (conn, done) => {
-        conn.on('error', (error) => {
-          console.error(`[连接池错误] 连接出错: ${getDefaultErrorMessage(error)}`, error);
+      // 添加连接池错误处理
+      afterCreate: (conn, done) => {
+        conn.on("error", (error) => {
+          console.error(
+            `[连接池错误] 连接出错: ${getDefaultErrorMessage(error)}`,
+            error
+          );
         });
         done(null, conn);
-      }
+      },
     },
     log: {
       warn(message) {
@@ -79,10 +82,10 @@ export const db =({
       },
     },
   };
-  
-	if(client==='sqlite3' || client === 'better-sqlite3'){
-		config.connection.filename = filename
-	}
+
+  if (client === "sqlite3" || client === "better-sqlite3") {
+    config.connection.filename = filename;
+  }
 
   return knex(config);
 };

package/helper/file.js

@@ -1,17 +1,16 @@
-import fs from 'fs/promises';
-import { accessSync, unlinkSync, existsSync, mkdirSync } from 'fs';
-import path from 'path';
-import { fileURLToPath } from 'url';
+import fs from "fs/promises";
+import { accessSync, unlinkSync, existsSync, mkdirSync } from "fs";
+import path from "path";
+import { fileURLToPath } from "url";
 
-export const dirname = (url) =>{
+export const dirname = (url) => {
   const __filename = fileURLToPath(url);
   return path.dirname(__filename);
-}
-
+};
 
 /**
  * 获取指定路径的文件树结构
- * 
+ *
  * @param {string} basePath - 要扫描的基础路径
  * @param {boolean} [deep=true] - 是否深度遍历子目录
  * @returns {Promise<Array<Object>>} 文件树数组，每个元素包含文件/目录信息
@@ -43,13 +42,15 @@ export const getFileTree = async (basePath, deep = true) => {
         name: item,
         path: itemPath,
         relativePath: path.relative(ROOT_PATH, itemPath),
-        type: itemStats.isDirectory() ? 'directory' : 'file',
+        type: itemStats.isDirectory() ? "directory" : "file",
         size: itemStats.size,
         modified: itemStats.mtime,
-        depth: itemPath.split(path.sep).length - path.resolve(ROOT_PATH).split(path.sep).length
+        depth:
+          itemPath.split(path.sep).length -
+          path.resolve(ROOT_PATH).split(path.sep).length,
       };
 
-      if (treeItem.type === 'directory' && deep) {
+      if (treeItem.type === "directory" && deep) {
         treeItem.children = await getFileTree(itemPath, deep);
       }
 
@@ -59,9 +60,9 @@ export const getFileTree = async (basePath, deep = true) => {
     // 排序：文件夹在前，文件在后，名称按字母顺序排列
     return tree.sort((a, b) => {
       if (a.type === b.type) {
-        return a.name.localeCompare(b.name, undefined, { sensitivity: 'base' });
+        return a.name.localeCompare(b.name, undefined, { sensitivity: "base" });
       }
-      return a.type === 'directory' ? -1 : 1;
+      return a.type === "directory" ? -1 : 1;
     });
   } catch (error) {
     console.error(`获取文件树失败: ${basePath}`, error);
@@ -71,7 +72,7 @@ export const getFileTree = async (basePath, deep = true) => {
 
 /**
  * 读取文件内容（UTF-8编码）
- * 
+ *
  * @param {string} filePath - 要读取的文件路径
  * @returns {Promise<string>} 文件内容字符串
  * @throws {Error} 当文件不存在、无法读取或不是文件时抛出错误
@@ -79,17 +80,17 @@ export const getFileTree = async (basePath, deep = true) => {
 export const readFileContent = async (filePath) => {
   try {
     // 先检查路径是否安全
-    if (!isPathSafe(filePath,APP_PATH)  && !isPathSafe(filePath,ROOT_PATH)) {
+    if (!isPathSafe(filePath, APP_PATH) && !isPathSafe(filePath, ROOT_PATH)) {
       throw new Error(`路径不安全: ${filePath}`);
     }
-    
+
     // 检查是否为文件
     const stats = await fs.stat(filePath);
     if (!stats.isFile()) {
       throw new Error(`不是文件: ${filePath}`);
     }
-    
-    return await fs.readFile(filePath, 'utf8');
+
+    return await fs.readFile(filePath, "utf8");
   } catch (error) {
     console.error(`读取文件失败: ${filePath}`, error);
     throw error;
@@ -98,7 +99,7 @@ export const readFileContent = async (filePath) => {
 
 /**
  * 保存内容到文件（UTF-8编码）
- * 
+ *
  * @param {string} filePath - 要保存的文件路径
  * @param {string} content - 要写入的内容
  * @returns {Promise<void>} 无返回值
@@ -107,16 +108,16 @@ export const readFileContent = async (filePath) => {
 export const saveFileContent = async (filePath, content) => {
   try {
     // 先检查路径是否安全
-    if (!isPathSafe(filePath,APP_PATH)  && !isPathSafe(filePath,ROOT_PATH)) {
+    if (!isPathSafe(filePath, APP_PATH) && !isPathSafe(filePath, ROOT_PATH)) {
       throw new Error(`路径不安全: ${filePath}`);
     }
-    
+
     // 确保目录存在
     const dirname = path.dirname(filePath);
     await fs.mkdir(dirname, { recursive: true });
-    
+
     // 写入文件
-    await fs.writeFile(filePath, content, 'utf8');
+    await fs.writeFile(filePath, content, "utf8");
   } catch (error) {
     console.error(`保存文件失败: ${filePath}`, error);
     throw error;
@@ -125,7 +126,7 @@ export const saveFileContent = async (filePath, content) => {
 
 /**
  * 验证路径是否在基础路径范围内（防止路径遍历攻击）
- * 
+ *
  * @param {string} requestedPath - 要验证的路径
  * @param {string} basePath - 基础路径，requestedPath必须在此路径下
  * @returns {boolean} 如果路径安全则返回true，否则返回false
@@ -139,7 +140,7 @@ export const isPathSafe = (requestedPath, basePath) => {
 
 /**
  * 删除指定路径的图片文件
- * 
+ *
  * @param {string} link - 图片文件的路径
  * @returns {boolean} 成功删除返回true，否则返回false
  * @description 同步操作，会检查文件是否存在后再删除
@@ -151,10 +152,10 @@ export function delImg(link) {
       console.error(`路径不安全: ${link}`);
       return false;
     }
-    
+
     // 检查文件是否存在
     accessSync(link);
-    
+
     // 删除文件
     unlinkSync(link);
     return true;
@@ -166,7 +167,7 @@ export function delImg(link) {
 
 /**
  * 递归创建目录（同步操作）
- * 
+ *
  * @param {string} dirname - 要创建的目录路径
  * @returns {boolean} 成功创建或目录已存在返回true，否则返回false
  * @description 类似于mkdir -p命令，会创建所有不存在的父目录
@@ -178,18 +179,18 @@ export function mkdirsSync(dirname) {
       console.error(`路径不安全: ${dirname}`);
       return false;
     }
-    
+
     if (existsSync(dirname)) {
       return true;
     }
-    
+
     // 递归创建父目录
     const parentDir = path.dirname(dirname);
     if (mkdirsSync(parentDir)) {
       mkdirSync(dirname);
       return true;
     }
-    
+
     return false;
   } catch (err) {
     console.error(`创建目录失败: ${dirname}`, err);
@@ -197,7 +198,6 @@ export function mkdirsSync(dirname) {
   }
 }
 
-
 export default {
   mkdirsSync,
   delImg,
@@ -205,4 +205,4 @@ export default {
   saveFileContent,
   readFileContent,
   getFileTree,
-}
+};

package/helper/html.js

@@ -5,17 +5,21 @@
  */
 export const htmlEncode = (str) => {
   // 非字符串直接返回，避免报错
-  if (typeof str !== 'string') return str;
-  
+  if (typeof str !== "string") return str;
+
   // 一次性替换所有特殊字符，减少函数调用
-  return str.replace(/[&<>"' ]/g, match => ({
-    '&': '&amp;',
-    '<': '&lt;',
-    '>': '&gt;',
-    '"': '&quot;',
-    "'": '&#39;',
-    ' ': '&nbsp;'
-  }[match]));
+  return str.replace(
+    /[&<>"' ]/g,
+    (match) =>
+      ({
+        "&": "&amp;",
+        "<": "&lt;",
+        ">": "&gt;",
+        '"': "&quot;",
+        "'": "&#39;",
+        " ": "&nbsp;",
+      }[match])
+  );
 };
 
 /**
@@ -25,15 +29,19 @@ export const htmlEncode = (str) => {
  */
 export const htmlDecode = (str) => {
   // 非字符串直接返回，避免报错
-  if (typeof str !== 'string') return str;
-  
+  if (typeof str !== "string") return str;
+
   // 一次性替换所有常见实体，减少函数调用
-  return str.replace(/&amp;|&lt;|&gt;|&nbsp;|&#39;|&quot;/g, match => ({
-    '&amp;': '&',
-    '&lt;': '<',
-    '&gt;': '>',
-    '&nbsp;': ' ',
-    '&#39;': "'",
-    '&quot;': '"'
-  }[match]));
-};
+  return str.replace(
+    /&amp;|&lt;|&gt;|&nbsp;|&#39;|&quot;/g,
+    (match) =>
+      ({
+        "&amp;": "&",
+        "&lt;": "<",
+        "&gt;": ">",
+        "&nbsp;": " ",
+        "&#39;": "'",
+        "&quot;": '"',
+      }[match])
+  );
+};

package/helper/index.js

@@ -1,9 +1,4 @@
+import { db } from "./db.js";
+import { loaderSort, loadConfig } from "./loader.js";
 
-import { db } from './db.js'
-import { loaderSort, loadConfig } from './loader.js'
-
-export {
-  db,
-  loaderSort,
-  loadConfig,
-}
+export { db, loaderSort, loadConfig };

package/helper/ip.js

@@ -3,34 +3,35 @@
  * @param {Object} req - Express请求对象
  * @returns {string} 格式化后的IP地址，默认返回空字符串
  */
-export const getIp = (req) =>{
-  
+export const getIp = (req) => {
   // 优先级从高到低获取可能的IP来源
   const ipSources = [
-    req.headers['x-forwarded-for'],  // 代理场景下的真实IP（可能多个，逗号分隔）
-    req.headers['x-real-ip'],       // 部分代理服务器使用
-    req.ip,                         // Express内置的IP获取（已处理代理）
-    req.connection?.remoteAddress,  // 底层连接的远程地址
-    req.socket?.remoteAddress,      // 套接字的远程地址
-    req.connection?.socket?.remoteAddress  // 连接套接字的远程地址
+    req.headers["x-forwarded-for"], // 代理场景下的真实IP（可能多个，逗号分隔）
+    req.headers["x-real-ip"], // 部分代理服务器使用
+    req.ip, // Express内置的IP获取（已处理代理）
+    req.connection?.remoteAddress, // 底层连接的远程地址
+    req.socket?.remoteAddress, // 套接字的远程地址
+    req.connection?.socket?.remoteAddress, // 连接套接字的远程地址
   ];
 
   // 从来源中找到第一个有效IP字符串
-  let ip = ipSources.find(source => typeof source === 'string' && source.trim() !== '');
-  
+  let ip = ipSources.find(
+    (source) => typeof source === "string" && source.trim() !== ""
+  );
+
   // 若未找到有效IP，直接返回空
-  if (!ip) return '';
+  if (!ip) return "";
 
   // 处理多IP情况（取第一个）
-  ip = ip.split(',').shift().trim();
+  ip = ip.split(",").shift().trim();
 
   // IPv6转IPv4处理
-  if (ip === '::1') {
-    return '127.0.0.1';  // 本地环回地址
+  if (ip === "::1") {
+    return "127.0.0.1"; // 本地环回地址
   }
-  if (ip.startsWith('::ffff:')) {
-    return ip.slice(7);  // 去除IPv6映射的IPv4前缀
+  if (ip.startsWith("::ffff:")) {
+    return ip.slice(7); // 去除IPv6映射的IPv4前缀
   }
 
   return ip;
-}
+};

package/helper/jwt.js

@@ -1,41 +1,40 @@
 import jwt from "jsonwebtoken";
 
-
 /**
- * 
+ *
  * @param {Object} data - 要存储在令牌中的数据（不建议存放敏感信息）
  * @param {string} secretKey - 用于签名的密钥
  * @param {string} time - 令牌过期时间,如 '1h'、'7d' 或秒数
  * @returns {string} 生成的JWT令牌
  */
-export function setToken(data={}, secretKey='chancms', time='7d') {
+export function setToken(data = {}, secretKey = "chancms", time = "7d") {
   try {
     return jwt.sign(data, secretKey, {
       expiresIn: time,
-      algorithm: 'HS256',
+      algorithm: "HS256",
     });
   } catch (error) {
-    console.error('令牌生成失败:', error.message);
+    console.error("令牌生成失败:", error.message);
     throw new Error(`生成令牌失败: ${error.message}`);
   }
 }
 
 // 获取token
-export async function getToken(token, secretKey='chancms') {
+export async function getToken(token, secretKey = "chancms") {
   return new Promise((resolve, reject) => {
-    jwt.verify(token, secretKey,(err, decode) => {
+    jwt.verify(token, secretKey, (err, decode) => {
       if (err) {
-       let errorMessage = '令牌验证失败';
-       if (err.name === 'TokenExpiredError') {
-         errorMessage = '令牌已过期';
-       } else if (err.name === 'JsonWebTokenError') {
-         errorMessage = '无效的令牌';
-       }
-       console.error(errorMessage, '令牌异常信息:', err.message);
-       return reject(new Error(errorMessage));
+        let errorMessage = "令牌验证失败";
+        if (err.name === "TokenExpiredError") {
+          errorMessage = "令牌已过期";
+        } else if (err.name === "JsonWebTokenError") {
+          errorMessage = "无效的令牌";
+        }
+        console.error(errorMessage, "令牌异常信息:", err.message);
+        return reject(new Error(errorMessage));
       } else {
         resolve(decode);
       }
     });
   });
-}
+}

package/helper/loader.js

@@ -1,5 +1,27 @@
 import fs from "fs";
 import path from "path";
+import { pathToFileURL } from "url";
+
+/**
+ * @description 实例化一个类，并将该类的所有方法绑定到一个新的对象上。
+ * @param {Function} className - 需要实例化的类。
+ *@returns {Object} 包含绑定方法的对象。
+ */
+export const bindClass = function (className) {
+  let obj = {};
+  const cls = new className();
+  Object.getOwnPropertyNames(cls.constructor.prototype).forEach(
+    (methodName) => {
+      if (
+        methodName !== "constructor" &&
+        typeof cls[methodName] === "function"
+      ) {
+        obj[methodName] = cls[methodName].bind(cls);
+      }
+    }
+  );
+  return obj;
+};
 
 /**
  *

package/helper/time.js

@@ -21,8 +21,8 @@ export const formatDay = (data, time = true, format = "YYYY-MM-DD") => {
     }
   });
   return data;
-}
+};
 
 export const formatTime = (data, format = "YYYY-MM-DD HH:mm:ss") => {
   return dayjs(data).format("YYYY-MM-DD HH:mm:ss");
-}
+};

package/index.js

@@ -17,7 +17,7 @@ import {
   waf,
 } from "./middleware/index.js";
 import { db, loaderSort, loadConfig } from "./helper/index.js";
-import {dirname} from "./helper/file.js";
+import { dirname } from "./helper/file.js";
 
 class Chan {
   //版本号
@@ -30,6 +30,7 @@ class Chan {
   static extend = {}; //组件扩展
   static middleware = {}; //中间件
 
+
   constructor() {
     this.app = express();
     this.router = express.Router();
@@ -65,8 +66,8 @@ class Chan {
       logger,
       cors,
     } = Chan.config;
-    
-    this.app.set('trust proxy', true);
+
+    this.app.set("trust proxy", true);
     log(this.app, logger);
     setFavicon(this.app);
     setCookie(this.app, cookieKey);
@@ -134,7 +135,9 @@ class Chan {
 
   async loadFn(_path, key) {
     if (fs.existsSync(_path)) {
-      const files = fs.readdirSync(_path).filter((file) => file.endsWith(".js"));
+      const files = fs
+        .readdirSync(_path)
+        .filter((file) => file.endsWith(".js"));
       for (const file of files) {
         const filePath = path.join(_path, file);
         let helperModule = await importFile(filePath);

package/middleware/cookie.js

@@ -1,4 +1,4 @@
 import cookieParser from "cookie-parser";
-export const setCookie = (app,cookieKey) => {
-   app.use(cookieParser(cookieKey));
+export const setCookie = (app, cookieKey) => {
+  app.use(cookieParser(cookieKey));
 };

package/middleware/cors.js

@@ -1,4 +1,4 @@
 import cors from "cors";
-export const Cors = (app,_cors) => {
-    app.use(cors(_cors));
-};
+export const Cors = (app, _cors) => {
+  app.use(cors(_cors));
+};

package/middleware/header.js

@@ -1,4 +1,4 @@
-export let setHeader =  (app, { APP_NAME, APP_VERSION })=>{
+export let setHeader = (app, { APP_NAME, APP_VERSION }) => {
   app.use((req, res, next) => {
     res.setHeader("Create-By", "Chanjs");
     res.setHeader("X-Powered-By", "ChanCMS");

package/middleware/index.js

@@ -1,23 +1,23 @@
-import {log} from "./log.js";
-import {setCookie} from "./cookie.js";
-import {setFavicon} from "./favicon.js";
-import {setBody} from "./setBody.js";
-import {setStatic} from "./static.js";
-import {setHeader} from "./header.js";
-import {setTemplate} from "./template.js";
-import {validator} from "./validator.js";
-import {Cors} from "./cors.js";
-import {waf} from "./waf.js";
+import { log } from "./log.js";
+import { setCookie } from "./cookie.js";
+import { setFavicon } from "./favicon.js";
+import { setBody } from "./setBody.js";
+import { setStatic } from "./static.js";
+import { setHeader } from "./header.js";
+import { setTemplate } from "./template.js";
+import { validator } from "./validator.js";
+import { Cors } from "./cors.js";
+import { waf } from "./waf.js";
 
 export {
-    log,
-    setCookie,
-    setFavicon,
-    setBody,
-    setStatic,
-    setHeader,
-    setTemplate,
-    Cors,
-    validator,
-    waf
-}
+  log,
+  setCookie,
+  setFavicon,
+  setBody,
+  setStatic,
+  setHeader,
+  setTemplate,
+  Cors,
+  validator,
+  waf,
+};

package/middleware/setBody.js

@@ -1,11 +1,10 @@
 import express from "express";
-
 let setBody = function (app, JSON_LIMIT) {
+  // 1. 优先解析 XML 数据（必须在 json/urlencoded 之前）
+  app.use(express.raw({ type: "application/xml", limit: JSON_LIMIT }));
+  // 2. 再解析 JSON 和表单数据
   app.use(express.json({ limit: JSON_LIMIT }));
   app.use(express.urlencoded({ extended: false }));
-  app.use(express.raw({ type: 'application/xml', limit: JSON_LIMIT }));
 };
 
-export {
-  setBody
-}
+export { setBody };

package/middleware/template.js

@@ -1,8 +1,8 @@
-import '../extend/art-template.js'
+import "../extend/art-template.js";
 export let setTemplate = (app, config) => {
-  const {  views, env } = config;
- //合并插件中的view
-  const all = [...views, 'app/modules/web/view'];
+  const { views, env } = config;
+  //合并插件中的view
+  const all = [...views, "app/modules/web/view"];
   app.set("view options", {
     debug: env === "dev",
     cache: env === "prd",

package/middleware/validator.js

@@ -4,12 +4,12 @@ export const validator = (schemas) => (req, res, next) => {
     headers: schemas.headers,
     params: schemas.params,
     query: schemas.query,
-    body: schemas.body
+    body: schemas.body,
   };
 
   for (const [key, schema] of Object.entries(sections)) {
     if (!schema) continue;
-    
+
     const result = schema.safeParse(req[key]);
     if (!result.success) {
       // 返回首个错误信息

package/middleware/waf.js

@@ -6,47 +6,154 @@ const keywords = {
   // 需要全词匹配的关键词（避免短词误报）
   wholeWord: [
     // 系统命令/工具（容易产生短词误报）
-    "opt", "cmd", "rm", "mdc", "netcat", "nc", "mdb", "bin", "mk", "sys","sh","chomd",
-    "php-cgi","process","require","child_process","execSync","mainModule"
+    "opt",
+    "cmd",
+    "rm",
+    "mdc",
+    "netcat",
+    "nc",
+    "mdb",
+    "bin",
+    "mk",
+    "sys",
+    "sh",
+    "chomd",
+    "php-cgi",
+    "process",
+    "require",
+    "child_process",
+    "execSync",
+    "mainModule",
   ],
-  
+
   // 普通关键词（包含特殊字符或较长关键词）
   normal: [
     // 文件扩展名 & 敏感文件
-    ".php", ".asp", ".aspx", ".jsp", ".jspx", ".do", ".action", ".cgi", 
-    ".py", ".pl", ".md", ".log", ".conf", ".config", ".env", ".jsa",  
-    ".go", ".jhtml", ".shtml", ".cfm", ".svn", ".keys", ".hidden", 
-    ".bod", ".ll", ".backup", ".json", ".xml", ".bak", ".aws", 
-    ".database", ".cookie", ".rsp", ".old", ".tf", ".sql", ".vscode", 
-    ".docker", ".map", ".save", ".gz", ".yml", ".tar", ".sh", ".idea", ".s3",
+    ".php",
+    ".asp",
+    ".aspx",
+    ".jsp",
+    ".jspx",
+    ".do",
+    ".action",
+    ".cgi",
+    ".py",
+    ".pl",
+    ".md",
+    ".log",
+    ".conf",
+    ".config",
+    ".env",
+    ".jsa",
+    ".go",
+    ".jhtml",
+    ".shtml",
+    ".cfm",
+    ".svn",
+    ".keys",
+    ".hidden",
+    ".bod",
+    ".ll",
+    ".backup",
+    ".json",
+    ".xml",
+    ".bak",
+    ".aws",
+    ".database",
+    ".cookie",
+    ".rsp",
+    ".old",
+    ".tf",
+    ".sql",
+    ".vscode",
+    ".docker",
+    ".map",
+    ".save",
+    ".gz",
+    ".yml",
+    ".tar",
+    ".sh",
+    ".idea",
+    ".s3",
 
     // 敏感目录
-    "/administrator", "/wp-admin", 
+    "/administrator",
+    "/wp-admin",
 
     // 高危路径/应用
-    "phpMyAdmin", "setup", "wp-", "cgi-bin", "xampp", "staging", "internal",
-    "debug", "metadata", "secret", "smtp",  "redirect", "configs",
+    "phpMyAdmin",
+    "setup",
+    "wp-",
+    "cgi-bin",
+    "xampp",
+    "staging",
+    "internal",
+    "debug",
+    "metadata",
+    "secret",
+    "smtp",
+    "redirect",
+    "configs",
 
     // SQL 注入
-    "sleep(", "benchmark(", "concat(", "extractvalue(", "updatexml(",
-    "version(", "union select", "union all", "select @@", "drop",
-    "alter", "truncate", "exec", "(select", "information_schema",
-    "load_file(", "into outfile", "into dumpfile",
+    "sleep(",
+    "benchmark(",
+    "concat(",
+    "extractvalue(",
+    "updatexml(",
+    "version(",
+    "union select",
+    "union all",
+    "select @@",
+    "drop",
+    "alter",
+    "truncate",
+    "exec",
+    "(select",
+    "information_schema",
+    "load_file(",
+    "into outfile",
+    "into dumpfile",
 
     // 命令注入
-    "cmd=", "system(", "exec(", "shell_exec(", "passthru(", "base64_decode",
-    "eval(", "assert(", "preg_replace", "bash -i", "rm -rf", "wget ", "curl ",
-    "chmod ", "phpinfo()",
+    "cmd=",
+    "system(",
+    "exec(",
+    "shell_exec(",
+    "passthru(",
+    "base64_decode",
+    "eval(",
+    "assert(",
+    "preg_replace",
+    "bash -i",
+    "rm -rf",
+    "wget ",
+    "curl ",
+    "chmod ",
+    "phpinfo()",
 
     // 路径遍历
-    "../", "..\\", "/etc/passwd", "/etc/shadow",
+    "../",
+    "..\\",
+    "/etc/passwd",
+    "/etc/shadow",
 
     // XSS
-    "<script", "javascript:", "onerror=", "onload=", "alert(", "document.cookie",
+    "<script",
+    "javascript:",
+    "onerror=",
+    "onload=",
+    "alert(",
+    "document.cookie",
 
     // 特殊编码
-    "0x7e", "UNION%20SELECT", "%27OR%27", "{{", "}}", "1+1"
-  ]
+    "0x7e",
+    "UNION%20SELECT",
+    "%27OR%27",
+    "{{",
+    "}}",
+    "1+1",
+  ],
 };
 
 // === 预处理：构建正则缓存 ===
@@ -116,7 +223,7 @@ const safe = (req, res, next) => {
     }
 
     const fullText = checkText + bodyText;
-    
+
     // 空文本直接跳过检测
     if (!fullText.trim()) return next();
 
@@ -151,7 +258,8 @@ const safe = (req, res, next) => {
         userAgent: userAgent.substring(0, 100),
         method: req.method,
         matchedKeyword,
-        sample: fullText.substring(0, 200) + (fullText.length > 200 ? "..." : ""),
+        sample:
+          fullText.substring(0, 200) + (fullText.length > 200 ? "..." : ""),
       });
 
       // 根据WAF级别决定拦截方式

package/package.json

@@ -1,7 +1,7 @@
 {
   "type": "module",
   "name": "chanjs",
-  "version": "2.0.16",
+  "version": "2.0.18",
   "description": "chanjs基于express5 纯js研发的轻量级mvc框架。",
   "main": "index.js",
   "module": "index.js",

package/utils/response.js

@@ -1,7 +1,11 @@
 import { CODE, DB_ERROR } from "../config/code.js";
 
-// ====================== 模块级别工具函数 ======================
-export const getDefaultErrorCode = (error) => {
+/**
+ * @description 获取数据库错误码
+ * @param {*} error
+ * @returns {Number} 默认错误码
+ */
+const getDefaultErrorCode = (error) => {
   if (error.message.includes("syntax") || error.message.includes("SQL")) {
     return 6008;
   } else if (error.message.includes("Connection closed")) {
@@ -12,11 +16,14 @@ export const getDefaultErrorCode = (error) => {
   return 5001;
 };
 
+/**
+ * @description 数据库错误响应处理函数
+ * @param {*} err
+ * @returns {Object} 错误响应对象
+ */
 export const error = (err) => {
   console.error("DB Error:", err);
-  // 从映射表获取状态码或使用默认错误码
   const errorCode = DB_ERROR[err.code] || getDefaultErrorCode(err);
-
   return {
     success: false,
     msg: CODE[errorCode], // 从CODE对象获取错误消息
@@ -28,8 +35,13 @@ export const error = (err) => {
   };
 };
 
+/**
+ * @description 错误响应处理函数
+ * @param {*} msg
+ * @param {*} data
+ * @returns {Object} 失败响应对象
+ */
 export const fail = (msg = CODE[201], data = {}) => {
-  console.warn("Operation failed:", msg);
   return {
     success: false,
     msg,
@@ -38,6 +50,12 @@ export const fail = (msg = CODE[201], data = {}) => {
   };
 };
 
+/**
+ * @description 成功响应处理函数
+ * @param {*} data
+ * @param {*} msg
+ * @returns {Object} 成功响应对象
+ */
 export const success = (data = {}, msg = CODE[200]) => ({
   success: true,
   msg,