chanjs 2.0.17 → 2.0.19

package/middleware/index.js

@@ -1,23 +1,23 @@
-import {log} from "./log.js";
-import {setCookie} from "./cookie.js";
-import {setFavicon} from "./favicon.js";
-import {setBody} from "./setBody.js";
-import {setStatic} from "./static.js";
-import {setHeader} from "./header.js";
-import {setTemplate} from "./template.js";
-import {validator} from "./validator.js";
-import {Cors} from "./cors.js";
-import {waf} from "./waf.js";
+import { log } from "./log.js";
+import { setCookie } from "./cookie.js";
+import { setFavicon } from "./favicon.js";
+import { setBody } from "./setBody.js";
+import { setStatic } from "./static.js";
+import { setHeader } from "./header.js";
+import { setTemplate } from "./template.js";
+import { validator } from "./validator.js";
+import { Cors } from "./cors.js";
+import { waf } from "./waf.js";
 
 export {
-    log,
-    setCookie,
-    setFavicon,
-    setBody,
-    setStatic,
-    setHeader,
-    setTemplate,
-    Cors,
-    validator,
-    waf
-}
+  log,
+  setCookie,
+  setFavicon,
+  setBody,
+  setStatic,
+  setHeader,
+  setTemplate,
+  Cors,
+  validator,
+  waf,
+};

package/middleware/setBody.js

@@ -1,11 +1,10 @@
 import express from "express";
-
 let setBody = function (app, JSON_LIMIT) {
   // 1. 优先解析 XML 数据（必须在 json/urlencoded 之前）
-  app.use(express.raw({ type: 'application/xml', limit: JSON_LIMIT }));
+  app.use(express.raw({ type: "application/xml", limit: JSON_LIMIT }));
   // 2. 再解析 JSON 和表单数据
   app.use(express.json({ limit: JSON_LIMIT }));
   app.use(express.urlencoded({ extended: false }));
 };
 
-export { setBody };
+export { setBody };

package/middleware/template.js

@@ -1,8 +1,8 @@
-import '../extend/art-template.js'
+import "../extend/art-template.js";
 export let setTemplate = (app, config) => {
-  const {  views, env } = config;
- //合并插件中的view
-  const all = [...views, 'app/modules/web/view'];
+  const { views, env } = config;
+  //合并插件中的view
+  const all = [...views, "app/modules/web/view"];
   app.set("view options", {
     debug: env === "dev",
     cache: env === "prd",

package/middleware/validator.js

@@ -4,12 +4,12 @@ export const validator = (schemas) => (req, res, next) => {
     headers: schemas.headers,
     params: schemas.params,
     query: schemas.query,
-    body: schemas.body
+    body: schemas.body,
   };
 
   for (const [key, schema] of Object.entries(sections)) {
     if (!schema) continue;
-    
+
     const result = schema.safeParse(req[key]);
     if (!result.success) {
       // 返回首个错误信息

package/middleware/waf.js

@@ -6,47 +6,154 @@ const keywords = {
   // 需要全词匹配的关键词（避免短词误报）
   wholeWord: [
     // 系统命令/工具（容易产生短词误报）
-    "opt", "cmd", "rm", "mdc", "netcat", "nc", "mdb", "bin", "mk", "sys","sh","chomd",
-    "php-cgi","process","require","child_process","execSync","mainModule"
+    "opt",
+    "cmd",
+    "rm",
+    "mdc",
+    "netcat",
+    "nc",
+    "mdb",
+    "bin",
+    "mk",
+    "sys",
+    "sh",
+    "chomd",
+    "php-cgi",
+    "process",
+    "require",
+    "child_process",
+    "execSync",
+    "mainModule",
   ],
-  
+
   // 普通关键词（包含特殊字符或较长关键词）
   normal: [
     // 文件扩展名 & 敏感文件
-    ".php", ".asp", ".aspx", ".jsp", ".jspx", ".do", ".action", ".cgi", 
-    ".py", ".pl", ".md", ".log", ".conf", ".config", ".env", ".jsa",  
-    ".go", ".jhtml", ".shtml", ".cfm", ".svn", ".keys", ".hidden", 
-    ".bod", ".ll", ".backup", ".json", ".xml", ".bak", ".aws", 
-    ".database", ".cookie", ".rsp", ".old", ".tf", ".sql", ".vscode", 
-    ".docker", ".map", ".save", ".gz", ".yml", ".tar", ".sh", ".idea", ".s3",
+    ".php",
+    ".asp",
+    ".aspx",
+    ".jsp",
+    ".jspx",
+    ".do",
+    ".action",
+    ".cgi",
+    ".py",
+    ".pl",
+    ".md",
+    ".log",
+    ".conf",
+    ".config",
+    ".env",
+    ".jsa",
+    ".go",
+    ".jhtml",
+    ".shtml",
+    ".cfm",
+    ".svn",
+    ".keys",
+    ".hidden",
+    ".bod",
+    ".ll",
+    ".backup",
+    ".json",
+    ".xml",
+    ".bak",
+    ".aws",
+    ".database",
+    ".cookie",
+    ".rsp",
+    ".old",
+    ".tf",
+    ".sql",
+    ".vscode",
+    ".docker",
+    ".map",
+    ".save",
+    ".gz",
+    ".yml",
+    ".tar",
+    ".sh",
+    ".idea",
+    ".s3",
 
     // 敏感目录
-    "/administrator", "/wp-admin", 
+    "/administrator",
+    "/wp-admin",
 
     // 高危路径/应用
-    "phpMyAdmin", "setup", "wp-", "cgi-bin", "xampp", "staging", "internal",
-    "debug", "metadata", "secret", "smtp",  "redirect", "configs",
+    "phpMyAdmin",
+    "setup",
+    "wp-",
+    "cgi-bin",
+    "xampp",
+    "staging",
+    "internal",
+    "debug",
+    "metadata",
+    "secret",
+    "smtp",
+    "redirect",
+    "configs",
 
     // SQL 注入
-    "sleep(", "benchmark(", "concat(", "extractvalue(", "updatexml(",
-    "version(", "union select", "union all", "select @@", "drop",
-    "alter", "truncate", "exec", "(select", "information_schema",
-    "load_file(", "into outfile", "into dumpfile",
+    "sleep(",
+    "benchmark(",
+    "concat(",
+    "extractvalue(",
+    "updatexml(",
+    "version(",
+    "union select",
+    "union all",
+    "select @@",
+    "drop",
+    "alter",
+    "truncate",
+    "exec",
+    "(select",
+    "information_schema",
+    "load_file(",
+    "into outfile",
+    "into dumpfile",
 
     // 命令注入
-    "cmd=", "system(", "exec(", "shell_exec(", "passthru(", "base64_decode",
-    "eval(", "assert(", "preg_replace", "bash -i", "rm -rf", "wget ", "curl ",
-    "chmod ", "phpinfo()",
+    "cmd=",
+    "system(",
+    "exec(",
+    "shell_exec(",
+    "passthru(",
+    "base64_decode",
+    "eval(",
+    "assert(",
+    "preg_replace",
+    "bash -i",
+    "rm -rf",
+    "wget ",
+    "curl ",
+    "chmod ",
+    "phpinfo()",
 
     // 路径遍历
-    "../", "..\\", "/etc/passwd", "/etc/shadow",
+    "../",
+    "..\\",
+    "/etc/passwd",
+    "/etc/shadow",
 
     // XSS
-    "<script", "javascript:", "onerror=", "onload=", "alert(", "document.cookie",
+    "<script",
+    "javascript:",
+    "onerror=",
+    "onload=",
+    "alert(",
+    "document.cookie",
 
     // 特殊编码
-    "0x7e", "UNION%20SELECT", "%27OR%27", "{{", "}}", "1+1"
-  ]
+    "0x7e",
+    "UNION%20SELECT",
+    "%27OR%27",
+    "{{",
+    "}}",
+    "1+1",
+  ],
 };
 
 // === 预处理：构建正则缓存 ===
@@ -116,7 +223,7 @@ const safe = (req, res, next) => {
     }
 
     const fullText = checkText + bodyText;
-    
+
     // 空文本直接跳过检测
     if (!fullText.trim()) return next();
 
@@ -151,7 +258,8 @@ const safe = (req, res, next) => {
         userAgent: userAgent.substring(0, 100),
         method: req.method,
         matchedKeyword,
-        sample: fullText.substring(0, 200) + (fullText.length > 200 ? "..." : ""),
+        sample:
+          fullText.substring(0, 200) + (fullText.length > 200 ? "..." : ""),
       });
 
       // 根据WAF级别决定拦截方式

package/package.json

@@ -1,7 +1,7 @@
 {
   "type": "module",
   "name": "chanjs",
-  "version": "2.0.17",
+  "version": "2.0.19",
   "description": "chanjs基于express5 纯js研发的轻量级mvc框架。",
   "main": "index.js",
   "module": "index.js",

package/utils/response.js

@@ -1,7 +1,11 @@
 import { CODE, DB_ERROR } from "../config/code.js";
 
-// ====================== 模块级别工具函数 ======================
-export const getDefaultErrorCode = (error) => {
+/**
+ * @description 获取数据库错误码
+ * @param {*} error
+ * @returns {Number} 默认错误码
+ */
+const getDefaultErrorCode = (error) => {
   if (error.message.includes("syntax") || error.message.includes("SQL")) {
     return 6008;
   } else if (error.message.includes("Connection closed")) {
@@ -12,11 +16,14 @@ export const getDefaultErrorCode = (error) => {
   return 5001;
 };
 
+/**
+ * @description 数据库错误响应处理函数
+ * @param {*} err
+ * @returns {Object} 错误响应对象
+ */
 export const error = (err) => {
   console.error("DB Error:", err);
-  // 从映射表获取状态码或使用默认错误码
   const errorCode = DB_ERROR[err.code] || getDefaultErrorCode(err);
-
   return {
     success: false,
     msg: CODE[errorCode], // 从CODE对象获取错误消息
@@ -28,8 +35,13 @@ export const error = (err) => {
   };
 };
 
+/**
+ * @description 错误响应处理函数
+ * @param {*} msg
+ * @param {*} data
+ * @returns {Object} 失败响应对象
+ */
 export const fail = (msg = CODE[201], data = {}) => {
-  console.warn("Operation failed:", msg);
   return {
     success: false,
     msg,
@@ -38,6 +50,12 @@ export const fail = (msg = CODE[201], data = {}) => {
   };
 };
 
+/**
+ * @description 成功响应处理函数
+ * @param {*} data
+ * @param {*} msg
+ * @returns {Object} 成功响应对象
+ */
 export const success = (data = {}, msg = CODE[200]) => ({
   success: true,
   msg,