chanjs 2.5.2 → 2.5.4

package/App.js

@@ -10,8 +10,8 @@ import DatabaseManager from "./base/Database.js";
 // 引入配置和工具
 import { Paths } from "./config/index.js";
 import { getChildrenId, filterBody, filterImgFromStr, CODE as commonCode, sendMail, genRegEmailHtml, genResetPasswordEmail, pages, getHtmlFilesSync } from "./common/index.js";
-import { loadConfig, loadController, loaderSort, formatDateFields, request, delImg, getIp, setToken, getToken, verifyToken, generateToken, getFileTree, readFileContent, saveFileContent, isPathSafe, arrToObj, htmlDecode } from "./helper/index.js";
-import { Cors, setBody, setCookie, setFavicon, setHeader, setStatic, setTemplate, waf } from "./middleware/index.js";
+import { loadConfig, loadController, loaderSort, formatDateFields, request, delImg, getIp, setToken, getToken, verifyToken, generateToken, getFileTree, readFileContent, saveFileContent, isPathSafe, getFolders, arrToObj, htmlDecode } from "./helper/index.js";
+import { Cors, setBody, setCookie, setFavicon, setHeader, setStatic, setTemplate, waf, log } from "./middleware/index.js";
 import { errorResponse, notFoundResponse, parseDatabaseError, error as responseError, fail, success, checkKeywords } from "./utils/index.js";
 import { importFile, importjs } from "./global/import.js";
 
@@ -44,6 +44,7 @@ class Chan {
     readFileContent,
     saveFileContent,
     isPathSafe,
+    getFolders,
     arrToObj,
     htmlDecode,
   };
@@ -129,7 +130,9 @@ class Chan {
    */
   async config() {
     let config = await loadConfig();
+    console.log('[App.config] 开始加载配置，config keys:', Object.keys(config));
     Chan.config = config;
+    console.log('[App.config] 配置加载完成，Chan.config.modules:', Chan.config.modules);
   }
 
   /**
@@ -209,7 +212,7 @@ class Chan {
     const config = Chan.config;
     const { 
       views = [], 
-      env = "development", 
+      NODE_ENV = "dev", 
       APP_NAME = "ChanCMS",
        APP_VERSION = "1.0.0", 
        cookieKey, 
@@ -217,6 +220,7 @@ class Chan {
         statics = [], 
         cors = {}, 
         PROXY = "false", 
+        logger = {},
         waf: wafConfig = { enabled: false } 
       } = config;
     
@@ -226,7 +230,8 @@ class Chan {
     setCookie(this.app, cookieKey);
     setBody(this.app, BODY_LIMIT);
     Cors(this.app, cors);
-    setTemplate(this.app, { views, NODE_ENV: env });
+    log(this.app, logger);
+    setTemplate(this.app, { views, NODE_ENV });
     setHeader(this.app, { APP_NAME, APP_VERSION });
   }
 

package/extend/art-template.js

@@ -1,8 +1,12 @@
 import template from "art-template";
 import dayjs from "dayjs";
+import { createRequire } from 'module';
+const require = createRequire(import.meta.url);
+const { marked } = require('marked');
+
+//template.defaults.native = false; // 禁用原生模板引擎 防止模板直接调用nodejs语法
+//template.defaults.debug = false; // 禁用调试模式
 
-template.defaults.native = false; // 禁用原生模板引擎 防止模板直接调用nodejs语法
-template.defaults.debug = false; // 禁用调试模式
 
 /**
  * 日期格式化过滤器
@@ -44,3 +48,22 @@ template.defaults.imports.truncate = (str, length = 10) => {
 template.defaults.imports.safeStringify = (obj) => {
     return JSON.stringify(obj, null, 2);
   };
+
+/**
+ * Markdown 渲染过滤器
+ * 自动检测内容是否为 Markdown 格式，如果是则渲染为 HTML
+ * @param {string} content - 文章内容
+ * @returns {string} 渲染后的 HTML
+ */
+template.defaults.imports.renderMarkdown = (content) => {
+  if (!content || typeof content !== 'string') {
+    return content || '';
+  }
+
+  try {
+    return marked.parse(content);
+  } catch (err) {
+    console.error('[renderMarkdown] Markdown 渲染失败:', err.message);
+    return content;
+  }
+};

package/helper/file.js

@@ -156,3 +156,38 @@ export function isPathSafe(targetPath, basePath) {
   const relativePath = path.relative(normalizedBase, normalizedTarget);
   return !relativePath.startsWith('..');
 }
+
+/**
+ * 获取指定文件夹下的所有文件夹
+ * @param {string} folderPath - 文件夹路径
+ * @returns {Array<string>} 文件夹名称数组
+ * @description
+ * 同步获取指定文件夹下的所有文件夹（不包含隐藏文件）
+ * @example
+ * const folders = getFolders('/path/to/directory');
+ * // 返回: ['default', 'test', ...]
+ */
+export function getFolders(folderPath) {
+  if (!fs.existsSync(folderPath)) {
+    return [];
+  }
+
+  const items = fs.readdirSync(folderPath);
+  const folders = [];
+  
+  for (const item of items) {
+    if (item.startsWith('.')) continue;
+    
+    const itemPath = path.join(folderPath, item);
+    try {
+      const stat = fs.statSync(itemPath);
+      if (stat.isDirectory()) {
+        folders.push(item);
+      }
+    } catch (err) {
+      continue;
+    }
+  }
+  
+  return folders;
+}

package/helper/index.js

@@ -8,6 +8,7 @@ export { getFileTree } from "./file.js";
 export { readFileContent } from "./file.js";
 export { saveFileContent } from "./file.js";
 export { isPathSafe } from "./file.js";
+export { getFolders } from "./file.js";
 export { htmlDecode } from "./html.js";
 export { getIp } from "./ip.js";
 export { verifyToken } from "./jwt.js";

package/helper/ip.js

@@ -37,14 +37,11 @@ export function getIp(req) {
       ip = ip.substring(7);
     }
     
-    const isLocalAddress = ip === '::1' || 
-                           ip === '127.0.0.1' || 
-                           ip === '0.0.0.0' ||
-                           ip === 'localhost';
-    
-    if (!isLocalAddress) {
-      return ip;
+    if (ip === '::1') {
+      ip = '127.0.0.1';
     }
+    
+    return ip;
   }
   
   const headers = req.headers || {};

package/middleware/index.js

@@ -11,3 +11,4 @@ export { setHeader } from "./header.js";
 export { setTemplate } from "./template.js";
 export { Cors } from "./cors.js";
 export { waf } from "./waf.js";
+export { log } from "./log.js";

package/middleware/log.js

@@ -0,0 +1,41 @@
+import morgan from "morgan";
+import { getIp } from "../helper/ip.js";
+
+// 自定义 IP 令牌
+morgan.token("ip", (req, res) => {
+  return getIp(req);
+});
+
+// 自定义用户信息令牌
+morgan.token("user", (req, res) => {
+  if (req.user) {
+    return `${req.user.uid}:${req.user.username}`;
+  }
+  return "-";
+});
+
+// 自定义时间令牌（带日期）
+morgan.token("datetime", (req, res) => {
+  return new Date().toISOString();
+});
+
+// 自定义 morgan 格式：时间 IP 用户 Method URL Status Length - Response-Time ms
+morgan.format("chancms", (tokens, req, res) => {
+  return [
+    tokens.datetime(req, res),
+    tokens.ip(req, res),
+    tokens.user(req, res),
+    tokens.method(req, res),
+    tokens.url(req, res),
+    tokens.status(req, res),
+    tokens.res(req, res, "content-length") || "-",
+    "-",
+    tokens["response-time"](req, res),
+    "ms",
+  ].join(" ");
+});
+
+export const log = (app, logger) => {
+  const level = logger?.level || "chancms";
+  app.use(morgan(level === "chancms" ? "chancms" : level));
+};

package/middleware/template.js

@@ -23,10 +23,10 @@ import { importjs } from "../global/import.js";
  */
 export let setTemplate = (app, config) => {
   const { views, NODE_ENV } = config;
-  const all = [...views, "app/modules/web/view"];
+  const all = [...views];
   app.set("view options", {
     debug: NODE_ENV === "dev",
-    cache: NODE_ENV === "prd",
+    cache: true,
     minimize: true,
   });
   app.set("view engine", "html");

package/middleware/waf.js

@@ -104,7 +104,7 @@ function createWafMiddleware(wafConfig) {
 
         if (matched) {
           const { category, keyword } = matched;
-          console.error(`[WAF 拦截] IP:${clientIp} 路径:${requestPath} 关键词:${keyword} 类别:${category}`);
+          console.warn(`[WAF 拦截] IP:${clientIp} 路径:${requestPath} 关键词:${keyword} 类别:${category}`);
 
           const htmlResponse = `
             <!DOCTYPE html>

package/package.json

@@ -1,7 +1,7 @@
 {
   "type": "module",
   "name": "chanjs",
-  "version": "2.5.2",
+  "version": "2.5.4",
   "description": "chanjs基于express5 纯js研发的轻量级mvc框架。",
   "main": "index.js",
   "module": "index.js",

package/utils/keywords.js

@@ -16,7 +16,7 @@ export const KEYWORD_RULES = {
    */
   extensions: [
     ".php", ".asp", ".aspx", ".jsp", ".jspx", ".do", ".action", ".cgi",
-    ".py", ".pl", ".cfm", ".jhtml", ".shtml",".sql"
+    ".py", ".pl", ".cfm", ".jhtml", ".shtml",".sql",".env",".git"
   ],
   /**
    * 敏感目录名称