chanjs 2.3.0 → 2.5.0

package/base/Database.js

@@ -2,7 +2,7 @@ import knex from "knex";
 
 /**
  * 数据库管理器类
- * 用于管理多个数据库连接和创建数据模型
+ * 用于管理多个数据库连接
  */
 class DatabaseManager {
   /**
@@ -78,237 +78,6 @@ class DatabaseManager {
     }
   }
 
-  /**
-   * 关闭所有数据库连接
-   * @returns {Promise<void>}
-   */
-  async closeAll() {
-    const closePromises = [];
-    for (const [name, connection] of this._connections) {
-      closePromises.push(
-        connection.destroy().catch((err) => {
-          console.error(`Error closing database "${name}":`, err);
-        })
-      );
-    }
-    await Promise.all(closePromises);
-    this._connections.clear();
-  }
-
-  /**
-   * 获取所有连接名称
-   * @returns {Array<string>} 连接名称数组
-   */
-  getConnections() {
-    return Array.from(this._connections.keys());
-  }
-
-  /**
-   * 创建数据模型
-   * @param {string} name - 模型名称
-   * @param {string} tableName - 表名
-   * @param {string} connectionName - 连接名称
-   * @returns {Object} 模型对象
-   */
-  createModel(name, tableName, connectionName) {
-    const db = this.get(connectionName);
-    return {
-      db,
-      tableName,
-
-      /**
-       * 查询字段
-       * @param {string} fields - 字段列表，默认"*"
-       * @returns {Object} Knex查询构建器
-       */
-      select(fields = "*") {
-        return db(this.tableName).select(fields);
-      },
-
-      /**
-       * 条件查询
-       * @param {Object} conditions - 查询条件
-       * @returns {Object} Knex查询构建器
-       */
-      where(conditions) {
-        return db(this.tableName).where(conditions);
-      },
-
-      /**
-       * 查找记录
-       * @param {Object} query - 查询参数
-       * @param {Object} query.sort - 排序条件
-       * @param {Object} query.where - 查询条件
-       * @returns {Promise<Array>} 查询结果数组
-       */
-      find(query = {}) {
-        let q = db(this.tableName);
-        const { sort, ...where } = query;
-
-        if (Object.keys(where).length > 0) {
-          q = q.where(where);
-        }
-
-        if (sort && typeof sort === "object") {
-          for (const [field, dir] of Object.entries(sort)) {
-            q = q.orderBy(field, dir);
-          }
-        }
-
-        return q.select();
-      },
-
-      /**
-       * 查找单条记录
-       * @param {Object} query - 查询条件
-       * @returns {Promise<Object|null>} 查询结果或null
-       */
-      findOne(query = {}) {
-        let q = db(this.tableName);
-        if (Object.keys(query).length > 0) {
-          q = q.where(query);
-        }
-        return q.first();
-      },
-
-      /**
-       * 根据ID查找记录
-       * @param {number|string} id - 记录ID
-       * @returns {Promise<Object|null>} 查询结果或null
-       */
-      findById(id) {
-        return db(this.tableName).where({ id }).first();
-      },
-
-      /**
-       * 创建记录
-       * @param {Object} data - 要插入的数据
-       * @returns {Promise<Array>} 插入结果
-       */
-      create(data) {
-        return db(this.tableName).insert(data);
-      },
-
-      /**
-       * 批量创建记录
-       * @param {Array} records - 要插入的记录数组
-       * @returns {Promise<Array>} 插入结果
-       */
-      createMany(records) {
-        return db(this.tableName).insert(records);
-      },
-
-      /**
-       * 更新记录
-       * @param {Object} conditions - 更新条件
-       * @param {Object} data - 更新数据
-       * @returns {Promise<number>} 影响的行数
-       */
-      update(conditions, data) {
-        return db(this.tableName).where(conditions).update(data);
-      },
-
-      /**
-       * 删除记录
-       * @param {Object} conditions - 删除条件
-       * @returns {Promise<number>} 影响的行数
-       */
-      delete(conditions) {
-        return db(this.tableName).where(conditions).del();
-      },
-
-      /**
-       * 统计记录数
-       * @param {Object} query - 查询条件
-       * @returns {Promise<number>} 记录总数
-       */
-      count(query = {}) {
-        let q = db(this.tableName).count("* as total");
-        if (Object.keys(query).length > 0) {
-          q = q.where(query);
-        }
-        return q.first().then((result) => result?.total ?? 0);
-      },
-
-      /**
-       * 分页查询
-       * @param {Object} options - 查询选项
-       * @param {number} options.current - 当前页码，默认1
-       * @param {number} options.pageSize - 每页大小，默认10
-       * @param {Object} options.where - 查询条件
-       * @param {Array} options.select - 查询字段
-       * @returns {Promise<Object>} 分页结果
-       */
-      query(options = {}) {
-        const { current = 1, pageSize = 10, where = {}, select } = options;
-        const offset = (current - 1) * pageSize;
-
-        const countQuery = db(this.tableName).count("* as total");
-        const dataQuery = db(this.tableName);
-
-        if (Object.keys(where).length > 0) {
-          countQuery.where(where);
-          dataQuery.where(where);
-        }
-
-        if (select) {
-          dataQuery.select(select);
-        }
-
-        return Promise.all([
-          countQuery.first(),
-          dataQuery.offset(offset).limit(pageSize),
-        ]).then(([totalResult, list]) => ({
-          list,
-          total: totalResult?.total ?? 0,
-          current,
-          pageSize,
-        }));
-      },
-
-      /**
-       * 关联查询
-       * @param {Object} options - 查询选项
-       * @param {string} options.joinTable - 关联表名
-       * @param {string} options.localField - 本地表字段
-       * @param {string} options.foreignField - 关联表字段
-       * @param {string} options.select - 查询字段，默认"*"
-       * @param {Object} options.where - 查询条件
-       * @returns {Object} Knex查询构建器
-       */
-      join(options) {
-        const { joinTable, localField, foreignField, select = "*", where = {} } = options;
-        let q = db(this.tableName)
-          .join(joinTable, `${this.tableName}.${localField}`, "=", `${joinTable}.${foreignField}`)
-          .select(select);
-
-        if (Object.keys(where).length > 0) {
-          q = q.where(where);
-        }
-
-        return q;
-      },
-
-      /**
-       * 执行事务
-       * @param {Function} callback - 事务回调函数
-       * @returns {Promise} 事务执行结果
-       */
-      transaction(callback) {
-        return db.transaction(callback);
-      },
-
-      /**
-       * 执行原生SQL
-       * @param {string} sql - SQL语句
-       * @param {Array} bindings - 绑定参数
-       * @returns {Promise} 查询结果
-       */
-      raw(sql, bindings) {
-        return db.raw(sql, bindings);
-      },
-    };
-  }
 }
 
 export default DatabaseManager;

package/base/Service.js

@@ -14,11 +14,6 @@ class Service {
     if (knex && tableName) {
       this.db = knex;
       this.tableName = tableName;
-      this._config = Chan.config || {};
-    } else if (global.appContext) {
-      this.context = global.appContext;
-    } else {
-      this.context = { get: () => null, set: () => null };
     }
 
     this._dateFields = ['created_at', 'updated_at', 'deleted_at', 'publish_time', 'start_time', 'end_time', 'login_time', 'created_date', 'updated_date', 'createdAt', 'updatedAt', 'deletedAt', 'publishTime', 'startTime', 'endTime', 'loginTime', 'createdDate', 'updatedDate'];
@@ -29,7 +24,7 @@ class Service {
    * @returns {number} 每页记录数，默认20
    */
   get pageSize() {
-    return this._config.PAGE_SIZE || 20;
+    return Chan.config.PAGE_SIZE || 20;
   }
 
   /**
@@ -37,35 +32,7 @@ class Service {
    * @returns {number} 最大记录数，默认300
    */
   get limit() {
-    return this._config.LIMIT_MAX || 300;
-  }
-
-  /**
-   * 获取模型实例
-   * @param {string} name - 模型名称
-   * @returns {Object} 模型实例
-   */
-  getModel(name) {
-    return this.context.getModel(name);
-  }
-
-  /**
-   * 获取数据库连接
-   * @param {string} name - 数据库名称
-   * @returns {Object} 数据库实例
-   */
-  getDB(name) {
-    return this.context.get(`db:${name}`);
-  }
-
-  /**
-   * 执行事务
-   * @param {Function} callback - 事务回调函数
-   * @returns {Promise} 事务执行结果
-   */
-  async withTransaction(callback) {
-    const db = this.getDB("default") || Chan.db;
-    return db.transaction(callback);
+    return Chan.config.LIMIT_MAX || 300;
   }
 
   /**

package/global/import.js

@@ -36,8 +36,4 @@ const importFile = async (filepath) => {
  */
 export const importjs = createRequire(import.meta.url);
 
-/**
- * 将导入函数挂载到全局
- */
-global.requirejs = importjs;
-global.importFile = importFile;
+export { importFile };

package/helper/index.js

@@ -1,5 +1,3 @@
-export { db } from "./db.js";
-export { prefixDbConfig } from "./db.js";
 export { loaderSort, loadConfig, clearConfigCache, bindInstance, loadController } from "./loader.js";
 export { formatTime } from "./time.js";
 export { formatDateFields } from "./time.js";

package/index.js

@@ -1,7 +1,6 @@
 export { default as Chan } from "./App.js";
 export { default as Controller } from "./base/Controller.js";
 export { default as Service } from "./base/Service.js";
-export { default as AppContext } from "./base/Context.js";
 export { default as DatabaseManager } from "./base/Database.js";
 
 export * as helper from "./helper/index.js";

package/middleware/index.js

@@ -10,5 +10,4 @@ export { setStatic } from "./static.js";
 export { setHeader } from "./header.js";
 export { setTemplate } from "./template.js";
 export { Cors } from "./cors.js";
-export { validator } from "./validator.js";
 export { waf } from "./waf.js";

package/middleware/template.js

@@ -1,4 +1,5 @@
 import "../extend/index.js";
+import { importjs } from "../global/import.js";
 
 /**
  * 模板引擎中间件配置
@@ -30,5 +31,5 @@ export let setTemplate = (app, config) => {
   });
   app.set("view engine", "html");
   app.set("views", all);
-  app.engine(".html", requirejs("express-art-template"));
+  app.engine(".html", importjs("express-art-template"));
 };

package/middleware/waf.js

@@ -2,13 +2,15 @@ import { getIp } from "../helper/ip.js";
 import { checkKeywords } from "../utils/checker.js";
 import { filterXSS } from "../utils/xss-filter.js";
 import { createRateLimitMiddleware } from "../utils/rate-limit.js";
-import { configError } from "../utils/error.js";
 
 /**
  * Web应用防火墙（WAF）中间件
  * 提供访问限流、关键词过滤、XSS防护等功能
  */
 
+const WAF_BLOCKED_KEY = `${process.env.APP_NAME || 'app'}_waf_blocked`;
+const WAF_BLOCKED_HEADER = 'x-waf-blocked';
+
 /**
  * 路径白名单 - 这些路径不会被 WAF 检查
  * @type {Array<string>}
@@ -56,6 +58,18 @@ function createWafMiddleware(wafConfig) {
       res.setHeader("X-XSS-Protection", "1; mode=block");
       res.setHeader("X-Frame-Options", "DENY");
 
+      if (!isWhitelistedPath(requestPath)) {
+        const isBlocked = req.headers[WAF_BLOCKED_HEADER];
+        if (isBlocked === 'true') {
+          console.error(`[WAF 永久封禁] IP:${clientIp} 路径:${requestPath} 原因:localStorage标记`);
+          return res.status(403).json({
+            code: 403,
+            success: false,
+            msg: '您的访问已被限制，如需恢复请联系管理员'
+          });
+        }
+      }
+
       await new Promise((resolve) => {
         rateLimitMiddleware(req, res, resolve);
       });
@@ -92,11 +106,25 @@ function createWafMiddleware(wafConfig) {
           const { category, keyword } = matched;
           console.error(`[WAF 拦截] IP:${clientIp} 路径:${requestPath} 关键词:${keyword} 类别:${category}`);
 
-          return res.status(403).json({
-            code: 403,
-            success: false,
-            msg: '非法请求：检测到恶意内容'
-          });
+          const htmlResponse = `
+            <!DOCTYPE html>
+            <html>
+            <head>
+              <meta charset="UTF-8">
+              <title>访问受限</title>
+            </head>
+            <body>
+              <h1>非法请求</h1>
+              <p>检测到恶意内容，您的访问已被限制。</p>
+              <p>如需恢复请联系管理员。</p>
+              <script>
+                localStorage.setItem('${WAF_BLOCKED_KEY}', 'true');
+              </script>
+            </body>
+            </html>
+          `;
+
+          return res.status(403).setHeader('Content-Type', 'text/html').send(htmlResponse);
         }
       }
 

package/package.json

@@ -1,7 +1,7 @@
 {
   "type": "module",
   "name": "chanjs",
-  "version": "2.3.0",
+  "version": "2.5.0",
   "description": "chanjs基于express5 纯js研发的轻量级mvc框架。",
   "main": "index.js",
   "module": "index.js",

package/utils/index.js

@@ -1,6 +1,4 @@
-export { success, fail, error } from "./response.js";
-export { parseDatabaseError, notFoundResponse, errorResponse } from "./error-handler.js";
-export { configError, authError } from "./error.js";
+export { success, fail, error, parseDatabaseError, notFoundResponse, errorResponse } from "./response.js";
 export { checkKeywords, isIgnored } from "./checker.js";
 export { filterXSS } from "./xss-filter.js";
 export { createRateLimitMiddleware } from "./rate-limit.js";

package/utils/keywords.js

@@ -16,7 +16,7 @@ export const KEYWORD_RULES = {
    */
   extensions: [
     ".php", ".asp", ".aspx", ".jsp", ".jspx", ".do", ".action", ".cgi",
-    ".py", ".pl", ".cfm", ".jhtml", ".shtml"
+    ".py", ".pl", ".cfm", ".jhtml", ".shtml",".sql"
   ],
   /**
    * 敏感目录名称
@@ -39,7 +39,13 @@ export const KEYWORD_RULES = {
   commandInjection: [
     "cmd=", "system(", "exec(", "shell_exec(", "passthru(",
     "eval(", "assert(", "preg_replace", "bash -i", "rm -rf",
-    "wget ", "curl ", "chmod ", "base64_decode", "phpinfo()"
+    "wget ", "curl ", "chmod ", "base64_decode", "phpinfo()",
+    "kill ", "killall", "shutdown", "reboot", "halt", "fdisk",
+    "mkfs", "dd ", "ssh ", "scp ", "rsync", "nc ",
+    "netcat", "nmap", "iptables", "systemctl", "service",
+    "init", "crontab", "at ", "su ", "sudo", "useradd",
+    "userdel", "usermod", "groupadd", "groupdel", "passwd",
+    "chpasswd", "mount ", "umount", "ln -s"
   ],
   /**
    * 路径遍历关键词

package/utils/response.js

@@ -5,6 +5,20 @@ import { CODE, DB_ERROR } from "../config/code.js";
  * 提供统一的响应格式和错误处理
  */
 
+const ERROR_MESSAGES = {
+  6001: "数据库连接失败",
+  6002: "数据库访问被拒绝",
+  6003: "存在关联数据，操作失败",
+  6004: "数据库字段错误",
+  6005: "数据重复，违反唯一性约束",
+  6006: "目标表不存在",
+  6007: "数据库操作超时",
+  6008: "数据库语法错误，请检查查询语句",
+  6009: "数据库连接已关闭，请重试",
+  4003: "资源已存在",
+  5001: "系统内部错误",
+};
+
 /**
  * 获取默认错误代码
  * @private
@@ -23,6 +37,32 @@ const getDefaultErrorCode = (error) => {
   return 5001;
 };
 
+/**
+ * 解析数据库错误
+ * @param {Error} error - 数据库错误对象
+ * @returns {Object} 包含 code、msg 和 statusCode 的对象
+ * @description
+ * 根据数据库错误代码映射为业务状态码
+ * 返回对应的错误消息和 HTTP 状态码
+ */
+export function parseDatabaseError(error) {
+  const errorCode = error?.code && DB_ERROR[error.code]
+    ? DB_ERROR[error.code]
+    : error?.message?.includes("syntax") || error?.message?.includes("SQL")
+      ? 6008
+      : error?.message?.includes("Connection closed")
+        ? 6009
+        : error?.message?.includes("permission")
+          ? 3003
+          : 5001;
+
+  return {
+    code: errorCode,
+    msg: ERROR_MESSAGES[errorCode] || error?.message || "服务器内部错误",
+    statusCode: errorCode >= 6000 ? 500 : errorCode >= 4000 ? 400 : 500,
+  };
+}
+
 /**
  * 生成错误响应
  * @param {Object} options - 响应选项
@@ -33,8 +73,6 @@ const getDefaultErrorCode = (error) => {
  * @description
  * 根据错误类型生成标准错误响应
  * 开发环境下包含数据库错误详情
- * @example
- * const response = error({ err: databaseError });
  */
 export const error = ({ err, data = {}, code = 500 } = {}) => {
   if (err) {
@@ -70,10 +108,6 @@ export const error = ({ err, data = {}, code = 500 } = {}) => {
  * @param {Object} [options.data={}] - 响应数据
  * @param {number} [options.code=201] - 错误代码
  * @returns {Object} 失败响应对象
- * @description
- * 生成标准失败响应
- * @example
- * const response = fail({ msg: '用户不存在', code: 404 });
  */
 export const fail = ({ msg = "操作失败", data = {}, code = 201 } = {}) => {
   return {
@@ -90,10 +124,6 @@ export const fail = ({ msg = "操作失败", data = {}, code = 201 } = {}) => {
  * @param {Object} [options.data={}] - 响应数据
  * @param {string} [options.msg="操作成功"] - 成功消息
  * @returns {Object} 成功响应对象
- * @description
- * 生成标准成功响应
- * @example
- * const response = success({ data: { id: 1, name: '张三' } });
  */
 export const success = ({ data = {}, msg = "操作成功" } = {}) => ({
   success: true,
@@ -101,3 +131,50 @@ export const success = ({ data = {}, msg = "操作成功" } = {}) => ({
   code: 200,
   data,
 });
+
+/**
+ * 生成 404 响应
+ * @param {Object} req - Express 请求对象
+ * @returns {Object} 404 响应对象
+ */
+export function notFoundResponse(req) {
+  return {
+    success: false,
+    msg: "接口不存在",
+    code: 404,
+    data: { path: req.path, method: req.method },
+  };
+}
+
+/**
+ * 生成错误响应（Express 错误处理中间件用）
+ * @param {Error} err - 错误对象
+ * @param {Object} req - Express 请求对象
+ * @returns {Object} 错误响应对象
+ */
+export function errorResponse(err, req) {
+  const errorInfo = parseDatabaseError(err);
+  
+  console.error(`[Error Handler] ${errorInfo.msg} - ${err?.message}`, {
+    code: errorInfo.code,
+    path: req?.path,
+    method: req?.method,
+    sql: err?.sql,
+    sqlMessage: err?.sqlMessage,
+    stack: err?.stack,
+  });
+  
+  return {
+    success: false,
+    msg: errorInfo.msg,
+    code: errorInfo.code,
+    data: process.env.NODE_ENV === "development"
+      ? {
+          message: err?.message,
+          sql: err?.sql,
+          sqlMessage: err?.sqlMessage,
+          stack: err?.stack,
+        }
+      : {},
+  };
+}

package/base/Context.js

@@ -1,78 +0,0 @@
-/**
- * 应用上下文类
- * 用于存储和管理应用的配置和模型实例
- */
-class AppContext {
-  /**
-   * 构造函数
-   * 初始化配置和模型的Map存储
-   */
-  constructor() {
-    this._config = new Map();
-    this._models = new Map();
-  }
-
-  /**
-   * 设置配置项
-   * @param {string} key - 配置键名
-   * @param {*} value - 配置值
-   */
-  set(key, value) {
-    this._config.set(key, value);
-  }
-
-  /**
-   * 获取配置项
-   * @param {string} key - 配置键名
-   * @param {*} defaultValue - 默认值
-   * @returns {*} 配置值或默认值
-   */
-  get(key, defaultValue) {
-    return this._config.get(key) ?? defaultValue;
-  }
-
-  /**
-   * 检查配置项是否存在
-   * @param {string} key - 配置键名
-   * @returns {boolean} 是否存在
-   */
-  has(key) {
-    return this._config.has(key);
-  }
-
-  /**
-   * 设置模型实例
-   * @param {string} name - 模型名称
-   * @param {Object} instance - 模型实例
-   */
-  setModel(name, instance) {
-    this._models.set(name, instance);
-  }
-
-  /**
-   * 获取模型实例
-   * @param {string} name - 模型名称
-   * @returns {Object|undefined} 模型实例
-   */
-  getModel(name) {
-    return this._models.get(name);
-  }
-
-  /**
-   * 获取所有模型实例
-   * @returns {Object} 包含所有模型的对象
-   */
-  getAllModels() {
-    return Object.fromEntries(this._models.entries());
-  }
-
-  /**
-   * 清空所有配置和模型
-   */
-  clear() {
-    this._config.clear();
-    this._models.clear();
-  }
-}
-
-export default AppContext;