chanjs 2.0.5 → 2.0.6

package/global/global.js

@@ -1,12 +1,8 @@
 import { pathToFileURL, fileURLToPath } from "url";
 import path from "path";
 const ROOT_PATH = process.cwd();
-
 const APP_PATH = path.join(ROOT_PATH, "app");
-const __filename = fileURLToPath(import.meta.url);
 const globals = {
-  __filename,
-  __dirname: path.dirname(__filename),
   ROOT_PATH,
   APP_PATH,
   CONFIG_PATH: path.join(ROOT_PATH, "config"),

package/global/import.js

@@ -3,7 +3,6 @@ import fs from "fs/promises";
 import { pathToFileURL } from "url";
 import { createRequire } from "module";
 
-
 /**
  * @description 安全导入ES模块文件
  * @param {string} filepath - 文件路径
@@ -16,14 +15,9 @@ const importFile = async (filepath) => {
   }
 
   try {
-    // 检查文件是否存在
     await fs.access(filepath);
-    
-    // 转换为文件URL以支持ES模块导入
     const fileUrl = pathToFileURL(filepath).href;
     const module = await import(fileUrl);
-    
-    // 返回默认导出或整个模块
     return module.default || module;
   } catch (error) {
     if (error.code === 'ENOENT') {

package/helper/data-parse.js

@@ -0,0 +1,85 @@
+/**
+ * 将数组转换为键值对对象
+ * @param {Array} arr - 包含键值对的数组
+ * @param {string} keyField - 作为键的字段名
+ * @param {string} valueField - 作为值的字段名
+ * @returns {Object} 转换后的对象
+ */
+export const arrToObj = (arr, keyField = 'config_key', valueField = 'config_value') => {
+    // 输入验证
+    if (!Array.isArray(arr)) {
+      throw new Error('arrToObj 期望接收数组作为第一个参数');
+    }
+    
+    return arr.reduce((result, item) => {
+      if (item && typeof item === 'object') {
+        const key = item[keyField];
+        const value = item[valueField];
+        if (key !== undefined && value !== undefined) {
+          result[key] = value;
+        }
+      }
+      return result;
+    }, {});
+  };
+
+
+  /**
+   * @description 将字符串中的 JSON 字符串转换为对象
+   * @param {*} obj - 包含 JSON 字符串的对象
+   * @returns 
+   */
+  export function parseJsonFields(obj) {
+    const result = {};
+    for (const key in obj) {
+      if (!obj.hasOwnProperty(key)) continue;
+      const value = obj[key];
+      // 如果是字符串，并且看起来像 JSON（以 { 或 [ 开头）
+      if (typeof value === 'string' && (value.startsWith('{') || value.startsWith('['))) {
+        try {
+          result[key] = JSON.parse(value);
+        } catch (e) {
+          console.warn(`JSON parse failed for field: ${key}`, e);
+          result[key] = value; // 保留原始值
+        }
+      } else {
+        result[key] = value;
+      }
+    }
+  
+    return result;
+  }
+
+
+  /**
+ * @param {Array} arr - 原始数据数组
+ * @param {number|string} [pid=0] - 根节点父ID
+ * @param {string} [idKey='id'] - ID字段名
+ * @param {string} [pidKey='pid'] - 父ID字段名
+ * @param {string} [childrenKey='children'] - 子节点字段名
+ * @returns {Array} 树形结构数组
+ */
+export function buildTree(arr, pid = 0, idKey = 'id', pidKey = 'pid', childrenKey = 'children') {
+  // 基础参数校验
+  if (!Array.isArray(arr)) return [];
+  
+  const tree = [];
+  
+  for (let i = 0; i < arr.length; i++) {
+    const item = arr[i];
+    // 找到当前层级的节点
+    if (item[pidKey] === pid) {
+      // 递归查找子节点（通过slice创建子数组，避免重复遍历已处理项）
+      const children = buildTree(arr.slice(i + 1), item[idKey], idKey, pidKey, childrenKey);
+      
+      // 有子节点则添加，避免空数组
+      if (children.length) {
+        item[childrenKey] = children;
+      }
+      
+      tree.push(item);
+    }
+  }
+  
+  return tree;
+}

package/helper/file.js

@@ -1,6 +1,13 @@
 import fs from 'fs/promises';
 import { accessSync, unlinkSync, existsSync, mkdirSync } from 'fs';
 import path from 'path';
+import { fileURLToPath } from 'url';
+
+export const dirname = (url) =>{
+  const __filename = fileURLToPath(url);
+  return path.dirname(__filename);
+}
+
 
 /**
  * 获取指定路径的文件树结构
@@ -35,11 +42,11 @@ export const getFileTree = async (basePath, deep = true) => {
       const treeItem = {
         name: item,
         path: itemPath,
-        relativePath: path.relative(APP_PATH, itemPath),
+        relativePath: path.relative(ROOT_PATH, itemPath),
         type: itemStats.isDirectory() ? 'directory' : 'file',
         size: itemStats.size,
         modified: itemStats.mtime,
-        depth: itemPath.split(path.sep).length - path.resolve(APP_PATH).split(path.sep).length
+        depth: itemPath.split(path.sep).length - path.resolve(ROOT_PATH).split(path.sep).length
       };
 
       if (treeItem.type === 'directory' && deep) {
@@ -72,7 +79,7 @@ export const getFileTree = async (basePath, deep = true) => {
 export const readFileContent = async (filePath) => {
   try {
     // 先检查路径是否安全
-    if (!isPathSafe(filePath, APP_PATH)) {
+    if (!isPathSafe(filePath,APP_PATH)  && !isPathSafe(filePath,ROOT_PATH)) {
       throw new Error(`路径不安全: ${filePath}`);
     }
     
@@ -100,7 +107,7 @@ export const readFileContent = async (filePath) => {
 export const saveFileContent = async (filePath, content) => {
   try {
     // 先检查路径是否安全
-    if (!isPathSafe(filePath, APP_PATH)) {
+    if (!isPathSafe(filePath,APP_PATH)  && !isPathSafe(filePath,ROOT_PATH)) {
       throw new Error(`路径不安全: ${filePath}`);
     }
     
@@ -126,7 +133,6 @@ export const saveFileContent = async (filePath, content) => {
 export const isPathSafe = (requestedPath, basePath) => {
   const resolvedRequestedPath = path.resolve(requestedPath);
   const resolvedBasePath = path.resolve(basePath);
-  
   // 检查请求的路径是否以基础路径为前缀
   return resolvedRequestedPath.startsWith(resolvedBasePath);
 };

package/helper/index.js

@@ -1,25 +1,9 @@
-import {
-  getFileTree,
-  readFileContent,
-  saveFileContent,
-  isPathSafe,
-} from "./file.js";
-import { setToken, getToken } from "./token.js";
-import { formatDay, fromatTime } from "./time.js";
-import { buildTree } from "./tree.js";
-import { htmlDecode } from "./html.js";
-import { getIp } from "./ip.js";
 
-export default {
-  getFileTree,
-  readFileContent,
-  saveFileContent,
-  isPathSafe,
-  setToken,
-  getToken,
-  formatDay,
-  fromatTime,
-  buildTree,
-  htmlDecode,
-  getIp
-};
+import { db } from './db.js'
+import { loaderSort, loadConfig } from './loader.js'
+
+export {
+  db,
+  loaderSort,
+  loadConfig,
+}

package/helper/loader.js

@@ -1,6 +1,5 @@
 import fs from "fs";
 import path from "path";
-import { bindClass } from "./bind.js";
 
 /**
  *
@@ -24,7 +23,6 @@ export const getPackage = async function () {
 
 export const loadConfig = async function () {
   let config = await importFile("config/index.js");
-  console.log("config", config);
   return config;
 };
 

package/helper/validate.js

@@ -0,0 +1,2 @@
+import { z } from "zod";
+export { z };

package/index.js

@@ -1,15 +1,8 @@
 import "./global/index.js";
 import path from "path";
 import fs from "fs";
-import {
-  bindClass,
-  db,
-  loaderSort,
-  getPackage,
-  loadConfig,
-  loadController,
-} from "./utils/index.js";
-import { express, z } from "./extend/import.js";
+import express from "express";
+
 import { Controller, Service } from "./core/index.js";
 import {
   log,
@@ -21,23 +14,16 @@ import {
   setTemplate,
   Cors,
   validator,
+  waf,
 } from "./middleware/index.js";
+import { db, loaderSort, loadConfig } from "./helper/index.js";
+import {dirname} from "./helper/file.js";
 
 class Chan {
-
   //版本号
   #version = "0.0.0";
-
-  
-
-  static helper = {
-    bindClass,
-    getPackage,
-    loadController,
-    db,
-    z,
-    validator,
-  }; 
+  static helper = {};
+  static common = {}; //公共方法
   static config = {}; //配置
   static Service = Service; //服务
   static Controller = Controller; //控制器
@@ -84,10 +70,12 @@ class Chan {
     setFavicon(this.app);
     setCookie(this.app, cookieKey);
     setBody(this.app, BODY_LIMIT);
+    waf(this.app);
     setTemplate(this.app, { views, env });
     setStatic(this.app, statics);
     Cors(this.app, cors);
     setHeader(this.app, { APP_NAME, APP_VERSION });
+   
   }
 
   //数据库操作
@@ -125,14 +113,34 @@ class Chan {
   }
 
   async loadExtend() {
-    if (fs.existsSync(EXTEND_PATH)) {
-      const files = fs
-        .readdirSync(EXTEND_PATH)
-        .filter((file) => file.endsWith(".js"));
+    let arr = [
+      {
+        _path: COMMON_PATH,
+        key: "common",
+      },
+      {
+        _path: HELPER_PATH,
+        key: "helper",
+      },
+      {
+        _path: path.join(dirname(import.meta.url), "helper"),
+        key: "helper",
+      },
+    ];
+    for (let item of arr) {
+      await this.loadFn(item._path, item.key);
+    }
+  }
+
+  async loadFn(_path, key) {
+    if (fs.existsSync(_path)) {
+      const files = fs.readdirSync(_path).filter((file) => file.endsWith(".js"));
       for (const file of files) {
-        const filePath = path.join(EXTEND_PATH, file);
+        const filePath = path.join(_path, file);
         let helperModule = await importFile(filePath);
-        Chan.helper[file.replace(".js", "")] = helperModule;
+        // Chan.common[file.replace(".js", "")] = helperModule;
+        // 将模块导出的所有方法/属性，直接混入到 Chan.common 上
+        Object.assign(Chan[key], helperModule);
       }
     }
   }

package/middleware/index.js

@@ -7,6 +7,7 @@ import {setHeader} from "./header.js";
 import {setTemplate} from "./template.js";
 import {validator} from "./validator.js";
 import {Cors} from "./cors.js";
+import {waf} from "./waf.js";
 
 export {
     log,
@@ -17,5 +18,6 @@ export {
     setHeader,
     setTemplate,
     Cors,
-    validator
+    validator,
+    waf
 }

package/middleware/waf.js

@@ -27,7 +27,7 @@ const keywords = [
   ".bak",
   ".aws",
   ".database",
-  ".cookie",
+  // ".cookie",
   ".location",
   ".dump",
   ".ftp",
@@ -72,7 +72,6 @@ const keywords = [
   "/php-cgi/",
   "/wp-",
   "/backup/",
-  "password",
   "redirect",
   "/phpMyAdmin/",
   "/setup/",
@@ -86,12 +85,8 @@ const keywords = [
   "a%",
   "union",
   "drop",
-  "update",
-  "insert",
-  "delete",
   "alter",
   "truncate",
-  "create",
   "exec",
 ];
 
@@ -128,10 +123,10 @@ const { combinedStrRegex, combinedRegRegex } = (() => {
 const safe = (req, res, next) => {
     try {
       // 1. 设置安全头（保持不变）
-      res.setHeader("X-Frame-Options", "SAMEORIGIN");
-      res.setHeader("X-Content-Type-Options", "nosniff");
-      res.setHeader("Referrer-Policy", "no-referrer-when-downgrade");
-      res.removeHeader("Server");
+      // res.setHeader("X-Frame-Options", "SAMEORIGIN");
+      // res.setHeader("X-Content-Type-Options", "nosniff");
+      // res.setHeader("Referrer-Policy", "no-referrer-when-downgrade");
+      // res.removeHeader("Server");
 
       // 2. 构建检查文本：req.path（仅路径）+ query（非空才加）（优化冗余）
       let checkText = req.path || "";
@@ -165,6 +160,8 @@ const safe = (req, res, next) => {
       // 合并完整文本（无需 toLowerCase）
       const fullText = checkText + bodyText;
 
+     
+
       // 4. 高效匹配：两次正则 test 替代 N 次循环（核心优化）
       let foundMatch = false;
       // 先检查字符串关键词合并正则（更快，因为无复杂正则逻辑）
@@ -182,7 +179,8 @@ const safe = (req, res, next) => {
           ip: getIp(req),
           userAgent: req.get("User-Agent") || "",
         });
-        return res.status(403).send("请求被安全策略拦截");
+     
+        return res.status(403).send("非法风险请求，已拦截");
       }
 
       next();

package/package.json

@@ -1,7 +1,7 @@
 {
   "type": "module",
   "name": "chanjs",
-  "version": "2.0.5",
+  "version": "2.0.6",
   "description": "chanjs基于express5 纯js研发的轻量级mvc框架。",
   "main": "index.js",
   "module": "index.js",

package/common/api.js

@@ -1,20 +0,0 @@
-export const success = {
-  code: 200,
-  msg: "success",
-};
-
-export const fail = {
-  code: 201,
-  msg: "error",
-};
-
-export const error = {
-  code: 500,
-  msg: "error",
-}
-
-export default {
-  success,
-  fail,
-  error,
-}

package/common/code.js

@@ -1,20 +0,0 @@
-
-// 业务状态码（仅标识业务逻辑结果）
-export const API_CODE = {
-    SUCCESS: 200,                 // 成功
-    FAIL: 201,                   // 失败
-    ERROR: 500,                   // 错误
-    // 参数相关
-    PARAM_INVALID: 10001,       // 参数无效
-    PARAM_MISSING: 10002,       // 参数缺失
-    // 认证相关
-    AUTH_FAILED: 20001,         // 认证失败
-    TOKEN_EXPIRED: 20002,       // 令牌过期
-    // 资源相关
-    RESOURCE_NOT_FOUND: 30001,  // 资源不存在
-    RESOURCE_LOCKED: 30002,     // 资源锁定
-    // 系统相关
-    SYSTEM_ERROR: 50001,        // 系统错误
-    SERVICE_BUSY: 50002         // 服务繁忙
-};
-  

package/common/global.js

@@ -1,61 +0,0 @@
-
-import path from "path";
-import fs from "fs";
-import { pathToFileURL } from 'url';  // 新增顶部导入
-import dotenv from "dotenv";
-
-const ROOT_PATH = process.cwd();
-const APP_PATH = path.join(ROOT_PATH, "app");
-const CONFIG_PATH = path.join(APP_PATH, "config");
-const EXTEND_PATH = path.join(APP_PATH, "extend");
-const PUBLIC_PATH = path.join(APP_PATH, "public");
-const MODULES_PATH = path.join(APP_PATH, "modules");
-// 兼容低版本node common包
-import { createRequire } from "module";
-const requirejs = createRequire(import.meta.url);
-
-//let user = getFilePath('app/controller/user.js')
-
-//实现dirname
-global.__dirname = path.dirname(new URL(import.meta.url).pathname);
-//实现__filename
-global.__filename = new URL(import.meta.url).pathname;
-
-//加载环境变量
-const envFile = process.env.ENV_FILE || '.env.prd'
-dotenv.config({ path: path.join(ROOT_PATH, envFile) })
-
-// app
-global.APP_PATH = APP_PATH;
-// config
-global.CONFIG_PATH = CONFIG_PATH;
-// run root path
-global.ROOT_PATH = ROOT_PATH;
-// extend
-global.EXTEND_PATH = EXTEND_PATH;
-// public
-global.PUBLIC_PATH = PUBLIC_PATH;
-// modules
-global.MODULES_PATH = MODULES_PATH;
-// require 兼容低版本node common包
-global.requirejs = requirejs;
-//解决多重...问题
-const importRootFile = async (str) => {
-  let filepath = path.join(global.ROOT_PATH, str);
-  if (fs.existsSync(filepath)) {
-    const fileUrl = pathToFileURL(filepath).href; // 新增转换
-    const module = await import(fileUrl);
-    return module.default || module;
-  }
-};
-
-const importFile = async (filepath) => {
-  if (fs.existsSync(filepath)) {
-    const fileUrl = pathToFileURL(filepath).href; // 新增转换
-    const module = await import(fileUrl);
-    return module.default || module;
-  }
-};
-
-global.importFile = importFile;
-global.importRootFile = importRootFile;

package/extend/api.js

@@ -1,21 +0,0 @@
-let success = {
-  code: 200,
-  msg: "success",
-};
-
-let fail = {
-  code: 201,
-  msg: "error",
-};
-
-const error = {
-  code: 500,
-  msg: "error",
-}
-
-
-export default {
-  success,
-  fail,
-  error,
-}

package/extend/file.js

@@ -1,92 +0,0 @@
-import fs from 'fs/promises';
-import path from 'path';
-
-/**
- * 获取文件树
- * @param {string} basePath 
- * @returns {Promise<Array>}
- */
-export const getFileTree = async (basePath,deep = true) => {
-  try {
-    const stats = await fs.stat(basePath);
-    if (!stats.isDirectory()) {
-      return [];
-    }
-
-    const items = await fs.readdir(basePath);
-    const tree = [];
-
-    for (const item of items) {
-      const itemPath = path.join(basePath, item);
-      const itemStats = await fs.stat(itemPath);
-
-      const treeItem = {
-        name: item,
-        path: itemPath,
-        relativePath: path.relative(APP_PATH, itemPath),
-        type: itemStats.isDirectory() ? 'directory' : 'file',
-        size: itemStats.size,
-        modified: itemStats.mtime,
-        depth: itemPath.split(path.sep).length - 1
-      };
-
-      if (treeItem.type === 'directory' && deep) {
-        treeItem.children = await getFileTree(itemPath);
-      }
-
-      tree.push(treeItem);
-    }
-
-    // 排序：文件夹在前，文件在后
-    return tree.sort((a, b) => {
-      if (a.type === b.type) {
-        return a.name.localeCompare(b.name);
-      }
-      return a.type === 'directory' ? -1 : 1;
-    });
-  } catch (error) {
-    console.error(`获取文件树失败: ${basePath}`, error);
-    throw error;
-  }
-};
-
-/**
- * 读取文件内容
- * @param {string} filePath 
- * @returns {Promise<string>}
- */
-export const readFileContent = async (filePath) => {
-  try {
-    return await fs.readFile(filePath, 'utf8');
-  } catch (error) {
-    console.error(`读取文件失败: ${filePath}`, error);
-    throw error;
-  }
-};
-
-/**
- * 保存文件内容
- * @param {string} filePath 
- * @param {string} content 
- * @returns {Promise<void>}
- */
-export const saveFileContent = async (filePath, content) => {
-  try {
-    await fs.mkdir(path.dirname(filePath), { recursive: true });
-    await fs.writeFile(filePath, content, 'utf8');
-  } catch (error) {
-    console.error(`保存文件失败: ${filePath}`, error);
-    throw error;
-  }
-};
-
-/**
- * 路径安全验证
- * @param {string} requestedPath 
- * @param {string} basePath 
- * @returns {boolean}
- */
-export const isPathSafe = (requestedPath, basePath) => {
-  const resolvedPath = path.resolve(requestedPath);
-  return resolvedPath.startsWith(path.resolve(basePath));
-};

package/extend/import.js

@@ -1,6 +0,0 @@
-import express from "express";
-
-import { z } from 'zod';
-
-
-export { express,  z };