npm - chanjs - Versions diffs - 2.5.3 → 2.5.4 - Mend

chanjs 2.5.3 → 2.5.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/App.js CHANGED Viewed

@@ -10,8 +10,8 @@ import DatabaseManager from "./base/Database.js";
 // 引入配置和工具
 import { Paths } from "./config/index.js";
 import { getChildrenId, filterBody, filterImgFromStr, CODE as commonCode, sendMail, genRegEmailHtml, genResetPasswordEmail, pages, getHtmlFilesSync } from "./common/index.js";
-import { loadConfig, loadController, loaderSort, formatDateFields, request, delImg, getIp, setToken, getToken, verifyToken, generateToken, getFileTree, readFileContent, saveFileContent, isPathSafe, arrToObj, htmlDecode } from "./helper/index.js";
-import { Cors, setBody, setCookie, setFavicon, setHeader, setStatic, setTemplate, waf } from "./middleware/index.js";
+import { loadConfig, loadController, loaderSort, formatDateFields, request, delImg, getIp, setToken, getToken, verifyToken, generateToken, getFileTree, readFileContent, saveFileContent, isPathSafe, getFolders, arrToObj, htmlDecode } from "./helper/index.js";
+import { Cors, setBody, setCookie, setFavicon, setHeader, setStatic, setTemplate, waf, log } from "./middleware/index.js";
 import { errorResponse, notFoundResponse, parseDatabaseError, error as responseError, fail, success, checkKeywords } from "./utils/index.js";
 import { importFile, importjs } from "./global/import.js";
@@ -44,6 +44,7 @@ class Chan {
     readFileContent,
     saveFileContent,
     isPathSafe,
+    getFolders,
     arrToObj,
     htmlDecode,
   };
@@ -219,6 +220,7 @@ class Chan {
         statics = [],
         cors = {},
         PROXY = "false",
+        logger = {},
         waf: wafConfig = { enabled: false }
       } = config;
@@ -228,6 +230,7 @@ class Chan {
     setCookie(this.app, cookieKey);
     setBody(this.app, BODY_LIMIT);
     Cors(this.app, cors);
+    log(this.app, logger);
     setTemplate(this.app, { views, NODE_ENV });
     setHeader(this.app, { APP_NAME, APP_VERSION });
   }

package/extend/art-template.js CHANGED Viewed

@@ -1,5 +1,8 @@
 import template from "art-template";
 import dayjs from "dayjs";
+import { createRequire } from 'module';
+const require = createRequire(import.meta.url);
+const { marked } = require('marked');
 //template.defaults.native = false; // 禁用原生模板引擎 防止模板直接调用nodejs语法
 //template.defaults.debug = false; // 禁用调试模式
@@ -45,3 +48,22 @@ template.defaults.imports.truncate = (str, length = 10) => {
 template.defaults.imports.safeStringify = (obj) => {
     return JSON.stringify(obj, null, 2);
   };
+/**
+ * Markdown 渲染过滤器
+ * 自动检测内容是否为 Markdown 格式，如果是则渲染为 HTML
+ * @param {string} content - 文章内容
+ * @returns {string} 渲染后的 HTML
+ */
+template.defaults.imports.renderMarkdown = (content) => {
+  if (!content || typeof content !== 'string') {
+    return content || '';
+  }
+  try {
+    return marked.parse(content);
+  } catch (err) {
+    console.error('[renderMarkdown] Markdown 渲染失败:', err.message);
+    return content;
+  }
+};

package/helper/file.js CHANGED Viewed

@@ -156,3 +156,38 @@ export function isPathSafe(targetPath, basePath) {
   const relativePath = path.relative(normalizedBase, normalizedTarget);
   return !relativePath.startsWith('..');
 }
+/**
+ * 获取指定文件夹下的所有文件夹
+ * @param {string} folderPath - 文件夹路径
+ * @returns {Array<string>} 文件夹名称数组
+ * @description
+ * 同步获取指定文件夹下的所有文件夹（不包含隐藏文件）
+ * @example
+ * const folders = getFolders('/path/to/directory');
+ * // 返回: ['default', 'test', ...]
+ */
+export function getFolders(folderPath) {
+  if (!fs.existsSync(folderPath)) {
+    return [];
+  }
+  const items = fs.readdirSync(folderPath);
+  const folders = [];
+  for (const item of items) {
+    if (item.startsWith('.')) continue;
+    const itemPath = path.join(folderPath, item);
+    try {
+      const stat = fs.statSync(itemPath);
+      if (stat.isDirectory()) {
+        folders.push(item);
+      }
+    } catch (err) {
+      continue;
+    }
+  }
+  return folders;
+}

package/helper/index.js CHANGED Viewed

@@ -8,6 +8,7 @@ export { getFileTree } from "./file.js";
 export { readFileContent } from "./file.js";
 export { saveFileContent } from "./file.js";
 export { isPathSafe } from "./file.js";
+export { getFolders } from "./file.js";
 export { htmlDecode } from "./html.js";
 export { getIp } from "./ip.js";
 export { verifyToken } from "./jwt.js";

package/helper/ip.js CHANGED Viewed

@@ -37,14 +37,11 @@ export function getIp(req) {
       ip = ip.substring(7);
     }
-    const isLocalAddress = ip === '::1' ||
-                           ip === '127.0.0.1' ||
-                           ip === '0.0.0.0' ||
-                           ip === 'localhost';
-    if (!isLocalAddress) {
-      return ip;
+    if (ip === '::1') {
+      ip = '127.0.0.1';
     }
+    return ip;
   }
   const headers = req.headers || {};

package/middleware/index.js CHANGED Viewed

@@ -11,3 +11,4 @@ export { setHeader } from "./header.js";
 export { setTemplate } from "./template.js";
 export { Cors } from "./cors.js";
 export { waf } from "./waf.js";
+export { log } from "./log.js";

package/middleware/log.js ADDED Viewed

@@ -0,0 +1,41 @@
+import morgan from "morgan";
+import { getIp } from "../helper/ip.js";
+// 自定义 IP 令牌
+morgan.token("ip", (req, res) => {
+  return getIp(req);
+});
+// 自定义用户信息令牌
+morgan.token("user", (req, res) => {
+  if (req.user) {
+    return `${req.user.uid}:${req.user.username}`;
+  }
+  return "-";
+});
+// 自定义时间令牌（带日期）
+morgan.token("datetime", (req, res) => {
+  return new Date().toISOString();
+});
+// 自定义 morgan 格式：时间 IP 用户 Method URL Status Length - Response-Time ms
+morgan.format("chancms", (tokens, req, res) => {
+  return [
+    tokens.datetime(req, res),
+    tokens.ip(req, res),
+    tokens.user(req, res),
+    tokens.method(req, res),
+    tokens.url(req, res),
+    tokens.status(req, res),
+    tokens.res(req, res, "content-length") || "-",
+    "-",
+    tokens["response-time"](req, res),
+    "ms",
+  ].join(" ");
+});
+export const log = (app, logger) => {
+  const level = logger?.level || "chancms";
+  app.use(morgan(level === "chancms" ? "chancms" : level));
+};

package/middleware/waf.js CHANGED Viewed

@@ -104,7 +104,7 @@ function createWafMiddleware(wafConfig) {
         if (matched) {
           const { category, keyword } = matched;
-          console.error(`[WAF 拦截] IP:${clientIp} 路径:${requestPath} 关键词:${keyword} 类别:${category}`);
+          console.warn(`[WAF 拦截] IP:${clientIp} 路径:${requestPath} 关键词:${keyword} 类别:${category}`);
           const htmlResponse = `
             <!DOCTYPE html>

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "type": "module",
   "name": "chanjs",
-  "version": "2.5.3",
+  "version": "2.5.4",
   "description": "chanjs基于express5 纯js研发的轻量级mvc框架。",
   "main": "index.js",
   "module": "index.js",

package/utils/keywords.js CHANGED Viewed

@@ -16,7 +16,7 @@ export const KEYWORD_RULES = {
    */
   extensions: [
     ".php", ".asp", ".aspx", ".jsp", ".jspx", ".do", ".action", ".cgi",
-    ".py", ".pl", ".cfm", ".jhtml", ".shtml",".sql"
+    ".py", ".pl", ".cfm", ".jhtml", ".shtml",".sql",".env",".git"
   ],
   /**
    * 敏感目录名称