midway-fatcms 0.0.2 → 0.0.4

package/dist/middleware/forbidden.middleware.js

@@ -15,7 +15,11 @@ const BLACK_EQUAL_LIST = [
     '/config.json',
     '/backend/.env',
     '/.env',
+    '/.env.dev',
+    '/.env.prod',
     '/.env.local',
+    '/.env.staging',
+    '/.env.example',
     '/.env.production',
     '/.env.development',
     '/application.yml',
@@ -25,6 +29,7 @@ const BLACK_EQUAL_LIST = [
     '/config.yml',
     '/db.ini',
     '/database.yml',
+    '/api/.env',
     // 安全相关文件
     '/.well-known/security.txt',
     '/security.txt',
@@ -274,8 +279,14 @@ let ForbiddenMiddleware = class ForbiddenMiddleware {
      * 检查是否包含路径遍历政击特征
      */
     hasPathTraversal(path) {
-        const decodedPath = decodeURIComponent(path);
-        return SUSPICIOUS_QUERY_PATTERNS.some(pattern => decodedPath.includes(pattern));
+        try {
+            const decodedPath = decodeURIComponent(path);
+            return SUSPICIOUS_QUERY_PATTERNS.some(pattern => decodedPath.includes(pattern));
+        }
+        catch (e) {
+            // URL解码失败（如包含非法编码字符），直接判定为可疑请求
+            return true;
+        }
     }
     /**
      * 拦截处理：返回404响应

package/dist/middleware/global.middleware.js

@@ -75,7 +75,7 @@ function handleNullRes(res) {
  * @param res
  */
 function handleArrayRes(res) {
-    if (Array.isArray(res) && res.length) {
+    if (Array.isArray(res)) {
         return { success: true, data: res };
     }
     return res;

package/dist/models/SystemEntities.d.ts

@@ -64,7 +64,8 @@ export interface IUpstreamInfo {
 export declare enum ProxyUserContextEnum {
     NO_PASS = 0,
     BASIC_INFO = 1,
-    SESSION_INFO = 2
+    SESSION_INFO = 2,
+    BASIC_INFO_BIZ_EXT = 3
 }
 export interface IProxyApiEntity extends IApiBaseEntity {
     proxy_name: string;

package/dist/models/SystemEntities.js

@@ -6,6 +6,7 @@ var ProxyUserContextEnum;
     ProxyUserContextEnum[ProxyUserContextEnum["NO_PASS"] = 0] = "NO_PASS";
     ProxyUserContextEnum[ProxyUserContextEnum["BASIC_INFO"] = 1] = "BASIC_INFO";
     ProxyUserContextEnum[ProxyUserContextEnum["SESSION_INFO"] = 2] = "SESSION_INFO";
+    ProxyUserContextEnum[ProxyUserContextEnum["BASIC_INFO_BIZ_EXT"] = 3] = "BASIC_INFO_BIZ_EXT";
 })(ProxyUserContextEnum = exports.ProxyUserContextEnum || (exports.ProxyUserContextEnum = {}));
 var CacheLevelEnum;
 (function (CacheLevelEnum) {

package/dist/service/AuthService.js

@@ -150,6 +150,9 @@ let AuthService = class AuthService extends BaseService_1.BaseService {
             if (!(0, fatcms_request_1.isEnableSuperAdmin)(this.ctx)) {
                 return null;
             }
+            if (!Array.isArray(superAdminList)) {
+                return null;
+            }
             return superAdminList.find((s) => {
                 return s.login_name === loginName;
             });

package/dist/service/base/BaseService.d.ts

@@ -39,6 +39,7 @@ export declare class BaseService {
     protected logError(msg: string, ...args: any): void;
     protected logWarn(msg: string, ...args: any): void;
     protected logDebug(msg: string, ...args: any): void;
+    protected isProdEnv(): boolean;
     protected isLocalEnv(): boolean;
     protected isEnableDebug(): boolean;
     protected evaluate(expression: string, context: any): string;

package/dist/service/base/BaseService.js

@@ -91,6 +91,10 @@ let BaseService = class BaseService {
     logDebug(msg, ...args) {
         this.getContextLogger().debug(msg, ...args);
     }
+    isProdEnv() {
+        const env = this.ctx.app.env;
+        return env === 'prod' || env === 'production';
+    }
     isLocalEnv() {
         return (0, fatcms_request_1.isLocalEnv)(this.ctx);
     }

package/dist/service/crudstd/CrudStdService.js

@@ -63,10 +63,10 @@ let CrudStdService = class CrudStdService extends ApiBaseService_1.ApiBaseServic
         var _a;
         const appCode = stdAction.appCode;
         const appInfo = await this.getParsedCrudStdAppForSettingKey(stdAction);
-        const stdCrudCfgObj = appInfo.stdCrudCfgObj;
         if (!appInfo || appInfo.status !== 1) {
             throw new devops_1.BizException('应用不存在或已下线：' + appCode);
         }
+        const stdCrudCfgObj = appInfo.stdCrudCfgObj;
         //删除策略
         const deleteStrategy = _.get(stdCrudCfgObj, 'othersSetting.values.deleteStrategy');
         const databaseName = stdCrudCfgObj.tableBaseInfo.databaseName;

package/dist/service/proxyapi/ProxyApiService.js

@@ -43,7 +43,8 @@ let ProxyApiService = class ProxyApiService extends ApiBaseService_1.ApiBaseServ
         if (!cfgInfo) {
             throw new devops_1.BizException('路径配置没有匹配到', exceptions_1.Exceptions.CFG_NOT_FOUND);
         }
-        return this._handleProxyRequestForCfg(cfgInfo, upstream_path);
+        const proxyApiEntity = JSON.parse(JSON.stringify(cfgInfo));
+        return this._handleProxyRequestForCfg(proxyApiEntity, upstream_path);
     }
     /**
      * 转发请求
@@ -252,7 +253,7 @@ let ProxyApiService = class ProxyApiService extends ApiBaseService_1.ApiBaseServ
         }
     }
     buildUserContextHeader(proxyApiEntity) {
-        var _a, _b;
+        var _a, _b, _c;
         // 传递整个用户上下文
         if (proxyApiEntity.user_context === SystemEntities_1.ProxyUserContextEnum.SESSION_INFO) {
             const isLogin = this.ctx.userSession.isLogin();
@@ -267,6 +268,7 @@ let ProxyApiService = class ProxyApiService extends ApiBaseService_1.ApiBaseServ
             const workbenchCode = (_b = this.ctx.workbenchInfo) === null || _b === void 0 ? void 0 : _b.workbench_code;
             const userBasicInfo = { isLogin };
             if (sessionInfo && isLogin) {
+                userBasicInfo.nickName = sessionInfo.nickName;
                 userBasicInfo.loginName = sessionInfo.loginName;
                 userBasicInfo.sessionId = sessionInfo.sessionId;
                 userBasicInfo.accountId = sessionInfo.accountId;
@@ -276,6 +278,24 @@ let ProxyApiService = class ProxyApiService extends ApiBaseService_1.ApiBaseServ
             userBasicInfo.workbenchCode = workbenchCode;
             return (0, base64_1.toBase64)(userBasicInfo);
         }
+        // 传递用户基本信息和BizExt
+        if (proxyApiEntity.user_context === SystemEntities_1.ProxyUserContextEnum.BASIC_INFO_BIZ_EXT) {
+            const isLogin = this.ctx.userSession.isLogin();
+            const sessionInfo = this.ctx.userSession.getSessionInfo();
+            const workbenchCode = (_c = this.ctx.workbenchInfo) === null || _c === void 0 ? void 0 : _c.workbench_code;
+            const userBasicInfo = { isLogin };
+            if (sessionInfo && isLogin) {
+                userBasicInfo.nickName = sessionInfo.nickName;
+                userBasicInfo.loginName = sessionInfo.loginName;
+                userBasicInfo.sessionId = sessionInfo.sessionId;
+                userBasicInfo.accountId = sessionInfo.accountId;
+                userBasicInfo.workbenchCode = sessionInfo.workbenchCode;
+                userBasicInfo.accountType = sessionInfo.accountType;
+                userBasicInfo.bizExt = sessionInfo.bizExt; // 多了一个bizExt
+            }
+            userBasicInfo.workbenchCode = workbenchCode;
+            return (0, base64_1.toBase64)(userBasicInfo);
+        }
         return null;
     }
 };

package/dist/service/proxyapi/RouteHandler.d.ts

@@ -1,5 +1,6 @@
+import { IProxyApiEntity } from "../../models/SystemEntities";
 declare class RouteHandler {
-    cfgInfo: any;
-    constructor(cfgInfo: any);
+    cfgInfo: IProxyApiEntity;
+    constructor(cfgInfo: IProxyApiEntity);
 }
 export { RouteHandler };

package/dist/service/proxyapi/RouteTrie.d.ts

@@ -5,7 +5,7 @@ declare class RouteTrie {
     constructor();
     addRoute(path: string, handler: RouteHandler): void;
     clearRoute(): void;
-    getRouteCount(): 0;
+    getRouteCount(): number;
     findLongestMatch(path: string): any;
 }
 declare function getRouteTrie(domainCode: string): RouteTrie;

package/dist/service/proxyapi/RouteTrie.js

@@ -10,6 +10,7 @@ class RouteTrieNode {
 }
 class RouteTrie {
     constructor() {
+        this.routeCount = 0;
         this.root = new RouteTrieNode();
         this.routeCount = 0;
     }

package/dist/service/proxyapi/WeightedRoundRobin.d.ts

@@ -1,7 +1,7 @@
 import { IUpstreamItem } from '../../models/SystemEntities';
 declare class WeightedRoundRobin {
     private readonly totalWeight;
-    private servers;
+    private readonly servers;
     constructor(servers: IUpstreamItem[]);
     next(): IUpstreamItem;
 }

package/dist/service/proxyapi/WeightedRoundRobin.js

@@ -24,6 +24,7 @@ class WeightedRoundRobin {
         // 2. 被选中的服务器减去总权重（实现平滑分配）
         if (selected) {
             selected.currentWeight -= this.totalWeight;
+            selected.currentWeight = Math.max(selected.currentWeight, 0);
             return selected;
         }
         return this.servers[0]; // 兜底返回第一个元素

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "midway-fatcms",
-  "version": "0.0.2",
+  "version": "0.0.4",
   "description": "This is a midway component sample",
   "main": "dist/index.js",
   "typings": "index.d.ts",

package/src/libs/crud-pro/CrudPro.ts

@@ -7,6 +7,7 @@ import { RequestCfgModel } from './models/RequestCfgModel';
 import { MixinUtils } from './utils/MixinUtils';
 import { Transaction } from './models/Transaction';
 import { IExecuteContextFunc } from './models/ExecuteContextFunc';
+import { KeysOfSimpleSQL } from './models/keys';
 
 class CrudPro {
   private readonly executeContext: ExecuteContext;
@@ -106,6 +107,9 @@ class CrudPro {
     exeCtx.setReqModel(reqModel);
     exeCtx.setCfgModel(cfgModel);
 
+    // 如果是 sqlSimpleName模式的 update/insert，则需要将 reqJson.data 部分根据真实的表结构进行过滤
+    await this.filterDataByTableMetaIfNeeded(reqModel, cfgModel);
+
     // 参数校验
     this.serviceHub.validateByAllow(cfgModel, reqModel);
     this.serviceHub.validateByReject(cfgModel, reqModel);
@@ -144,6 +148,73 @@ class CrudPro {
     return this.serviceHub.getCachedCfgByMethod(method, isEnableCache);
   }
 
+  /**
+   * 如果是 INSERT/UPDATE 操作（sqlSimpleName 模式），根据真实表结构过滤 reqModel.data 中的字段
+   * 避免传入不存在的字段导致 SQL 执行报错
+   * 注意：只处理 sqlSimpleName 模式，不处理 sqlCfgList 模式
+   * @param reqModel 请求模型
+   * @param cfgModel 配置模型
+   */
+  private async filterDataByTableMetaIfNeeded(reqModel: RequestModel, cfgModel: RequestCfgModel): Promise<void> {
+    // 只有在有 data 数据时才需要过滤
+    if (!reqModel.data || Object.keys(reqModel.data).length === 0) {
+      return;
+    }
+
+    // 只处理 sqlSimpleName 模式
+    const sqlSimpleName = cfgModel.sqlSimpleName;
+    if (!sqlSimpleName) {
+      return;
+    }
+
+    // 判断是否为 INSERT/UPDATE 类型的简单 SQL
+    if (!this.isSimpleInsertOrUpdateType(sqlSimpleName)) {
+      return;
+    }
+
+    // 构建 SqlCfgModel 用于获取表结构
+    const sqlCfgModel: ISqlCfgModel = {
+      sqlTable: cfgModel.sqlTable,
+      sqlSchema: cfgModel.sqlSchema,
+      sqlDatabase: cfgModel.sqlDatabase,
+      sqlDbType: cfgModel.sqlDbType,
+      columns: cfgModel.columns,
+      columnsRelation: cfgModel.columnsRelation,
+    };
+
+    const filteredData = await this.serviceHub.filterDataByTableMeta(reqModel.data, sqlCfgModel as ISqlCfgModel);
+
+    // 记录被过滤的字段
+    const originalKeys = Object.keys(reqModel.data);
+    const filteredKeys = Object.keys(filteredData);
+    const removedKeys = originalKeys.filter(key => !filteredKeys.includes(key));
+
+    if (removedKeys.length > 0) {
+      this.executeContext.getLogger().info('CrudPro.filterDataByTableMetaIfNeeded: 过滤掉表中不存在的字段', {
+        table: cfgModel.sqlTable,
+        removedFields: removedKeys,
+      });
+    }
+
+    // 直接修改 reqModel.data，只保留表中存在的字段
+    reqModel.data = filteredData;
+  }
+
+  /**
+   * 判断 sqlSimpleName 是否为 INSERT/UPDATE 类型
+   * @param sqlSimpleName 简单 SQL 名称
+   * @returns 是否为 INSERT/UPDATE 类型
+   */
+  private isSimpleInsertOrUpdateType(sqlSimpleName: string): boolean {
+    const insertOrUpdateTypes = [
+      KeysOfSimpleSQL.SIMPLE_INSERT,
+      KeysOfSimpleSQL.SIMPLE_UPDATE,
+      KeysOfSimpleSQL.SIMPLE_INSERT_ON_DUPLICATE_UPDATE,
+      KeysOfSimpleSQL.SIMPLE_INSERT_OR_UPDATE,
+    ];
+    return insertOrUpdateTypes.includes(sqlSimpleName as KeysOfSimpleSQL);
+  }
+
   private async executeSQLList() {
     try {
       await this.serviceHub.executeSqlCfgModels();

package/src/libs/crud-pro/interfaces.ts

@@ -12,9 +12,20 @@ export interface ICrudProCfg {
   tableMetaCacheTime?: number; // 表格元信息缓存时间
 }
 
+export interface ITableColumn {
+  name: string; // 字段名
+  type: string; // 数据类型
+  isNullable: boolean; // 是否可空
+  isPrimaryKey?: boolean; // 是否主键
+  defaultValue?: any; // 默认值
+  maxLength?: number; // 最大长度
+  comment?: string; // 字段注释
+}
+
 export interface ITableMeta {
   expiredTime: number; // 过期时间
   tableColumns: string[]; // 表格所有字段
+  columnDetails?: ITableColumn[]; // 详细的字段信息
 }
 
 export interface IConnectionPool {
@@ -200,4 +211,15 @@ export interface IExecuteUnsafeQueryCtx {
   sqlTable: string;
   sqlDatabase: string;
   sqlDbType: SqlDbType;
+  sqlSchema?: string;
+}
+
+/**
+ * 表结构元数据查询参数
+ */
+export interface ITableMetaQuery {
+  sqlTable: string;
+  sqlDatabase: string;
+  sqlDbType: SqlDbType;
+  sqlSchema?: string;
 }

package/src/libs/crud-pro/models/ServiceHub.ts

@@ -2,7 +2,7 @@ import { RequestCfgModel } from './RequestCfgModel';
 import { RequestModel } from './RequestModel';
 import { SqlCfgModel } from './SqlCfgModel';
 import { ExecuteContext } from './ExecuteContext';
-import { IFuncCfgModel, IRequestCfgModel, ITableMeta } from '../interfaces';
+import { IFuncCfgModel, IRequestCfgModel, ITableMeta, ITableMetaQuery } from '../interfaces';
 import { FuncContext } from './FuncContext';
 
 export interface ICurdProServiceHub {
@@ -28,5 +28,5 @@ export interface ICurdProServiceHub {
 
   executeFuncCfg(tmpFunCfg: IFuncCfgModel, exeFunCtx: FuncContext): string;
 
-  getTableMeta(sqlCfgModel: SqlCfgModel): Promise<ITableMeta>;
+  getTableMeta(query: ITableMetaQuery): Promise<ITableMeta>;
 }

package/src/libs/crud-pro/models/Transaction.ts

@@ -161,7 +161,11 @@ class Transaction {
     const connections = this.connectionList;
     for (let i = 0; i < connections.length; i++) {
       const connection = connections[i];
-      await connection.rollback();
+      try {
+        await connection.rollback();
+      } catch (e) {
+        console.error('[crud-pro] rollbackTx error', e);
+      }
     }
   }
 

package/src/libs/crud-pro/models/keys.ts

@@ -101,6 +101,7 @@ export const KeysOfCustomSQL = {
  */
 export const KeysOfConditions = {
   $OR: '$or', //或
+  $AND: '$and', //且
 
   $NE: '$ne', //不等于
   $LT: '$lt', //小于
@@ -109,8 +110,10 @@ export const KeysOfConditions = {
   $GTE: '$gte', //大于或等于
   $IN: '$in', //in
   $NIN: '$nin', // not in
-  $NOT_NULL: '$notNull', // is not null
-  $NULL: '$null', // is null
+
+  $NOT_NULL: '$notNull', // is not null ===> {"name": {"$notNull": true}}
+  $NULL: '$null', // is null   ===> {"name": {"$null": true}}
+
   $RANGE: '$range', // between 1 and 2
   $LIKE: '$like', //前缀匹配， A% 以A开头 {age:1, name:{"$like":"张"} }
   $NOT_LIKE: '$notLike', // 前缀匹配 A% 以A开头 {age:1, name:{"$notLike":"张"} }
@@ -160,6 +163,7 @@ function initKeysOfConditions() {
   // 所有操作符
   KeysOfConditions.ALL_KEYS = new Set([...KeysOfConditions.COMPARE_KEYS]);
   addIgnoreCase(KeysOfConditions.ALL_KEYS, KeysOfConditions.$OR);
+  addIgnoreCase(KeysOfConditions.ALL_KEYS, KeysOfConditions.$AND);
 }
 
 initKeysOfConditions();

package/src/libs/crud-pro/services/CrudProDataFilterService.ts

@@ -0,0 +1,58 @@
+import { CrudProServiceBase } from './CrudProServiceBase';
+import { ISqlCfgModel, ITableMetaQuery } from '../interfaces';
+
+/**
+ * 数据过滤服务
+ * 用于在 INSERT/UPDATE 操作前，根据真实表结构过滤 data 对象中的字段
+ */
+class CrudProDataFilterService extends CrudProServiceBase {
+  /**
+   * 根据表结构过滤 data 对象
+   * 只保留表中存在的字段
+   * @param data 原始 data 对象
+   * @param sqlCfgModel SQL 配置（可以是 ISqlCfgModel 接口或 SqlCfgModel 对象）
+   * @returns 过滤后的 data 对象
+   */
+  async filterDataByTableMeta(data: Record<string, any>, sqlCfgModel: ISqlCfgModel): Promise<Record<string, any>> {
+    if (!data || Object.keys(data).length === 0) {
+      return data;
+    }
+
+    // 确保 sqlTable 存在
+    if (!sqlCfgModel.sqlTable) {
+      this.logger.warn('CrudProDataFilterService: sqlTable 为空，跳过过滤');
+      return data;
+    }
+
+    const query: ITableMetaQuery = {
+      sqlTable: sqlCfgModel.sqlTable,
+      sqlDatabase: sqlCfgModel.sqlDatabase,
+      sqlDbType: sqlCfgModel.sqlDbType,
+      sqlSchema: sqlCfgModel.sqlSchema
+    }
+
+    const tableMeta = await this.serviceHub.getTableMeta(query);
+    if (!tableMeta || !tableMeta.tableColumns || tableMeta.tableColumns.length === 0) {
+      this.logger.warn('CrudProDataFilterService: 无法获取表结构信息，跳过过滤', sqlCfgModel.sqlTable);
+      return data;
+    }
+
+    const validColumns = new Set(tableMeta.tableColumns);
+    const filteredData: Record<string, any> = {};
+
+    for (const [key, value] of Object.entries(data)) {
+      if (validColumns.has(key)) {
+        filteredData[key] = value;
+      } else {
+        this.logger.debug('CrudProDataFilterService: 过滤掉不存在的字段', {
+          table: sqlCfgModel.sqlTable,
+          field: key,
+        });
+      }
+    }
+
+    return filteredData;
+  }
+}
+
+export { CrudProDataFilterService };

package/src/libs/crud-pro/services/CrudProGenSqlCondition.ts

@@ -95,6 +95,19 @@ class CrudProGenSqlCondition {
           }
         }
 
+        // AND
+        if (equalsIgnoreCase(KeysOfConditions.$AND, key)) {
+          TypeUtils.assertJsonArray(value, Exceptions.REQUEST_OR_PARAM_MUST_ARRAY);
+
+          const a = this.generateByLogicalAnd(value);
+          if (a != null) {
+            tmpSqlList.push(a.sql);
+            if (isNotEmpty(a.args)) {
+              tmpArgList.push(...a.args);
+            }
+          }
+        }
+
         // AND
         else if (TypeUtils.isBasicType(value)) {
           tmpSqlList.push(toSqlColumnName(key) + '= ?');
@@ -122,6 +135,30 @@ class CrudProGenSqlCondition {
     return new SqlSegArg(sql, tmpArgList);
   }
 
+
+  private generateByLogicalAnd(jsonArray: IRequestCondition[]): SqlSegArg {
+    if (MixinUtils.isEmpty(jsonArray)) {
+      return null;
+    }
+
+    const tmpSqlList = [];
+    const tmpArgList = [];
+
+    for (let i = 0; i < jsonArray.length; i++) {
+      const jsonObject = jsonArray[i];
+      const a = this.generateByLogicalKey(jsonObject);
+      if (a != null) {
+        tmpSqlList.push(a.sql);
+        if (MixinUtils.isNotEmpty(a.args)) {
+          tmpArgList.push(...a.args);
+        }
+      }
+    }
+    const sql = '(' + tmpSqlList.join(' AND ') + ')';
+    return new SqlSegArg(sql, tmpArgList);
+  }
+
+
   private generateByLogicalOR(jsonArray: IRequestCondition[]): SqlSegArg {
     if (MixinUtils.isEmpty(jsonArray)) {
       return null;

package/src/libs/crud-pro/services/CrudProOriginToExecuteSql.ts

@@ -1,5 +1,6 @@
 import { CrudProServiceBase } from './CrudProServiceBase';
 import { SqlCfgModel } from '../models/SqlCfgModel';
+import { ITableMetaQuery } from '../interfaces';
 import { MixinUtils } from '../utils/MixinUtils';
 import { SqlSegArg } from '../models/SqlSegArg';
 import { KeysOfCustomSQL, SqlDbType } from '../models/keys';
@@ -365,7 +366,15 @@ class CrudProOriginToExecuteSql extends CrudProServiceBase {
    * @private
    */
   private async generateCfgColumns(sqlCfgModel: SqlCfgModel): Promise<string[]> {
-    const tableMeta = await this.serviceHub.getTableMeta(sqlCfgModel);
+
+    const query: ITableMetaQuery = {
+      sqlTable: sqlCfgModel.sqlTable,
+      sqlDatabase: sqlCfgModel.sqlDatabase,
+      sqlDbType: sqlCfgModel.sqlDbType,
+      sqlSchema: sqlCfgModel.sqlSchema
+    }
+
+    const tableMeta = await this.serviceHub.getTableMeta(query);
 
     const tableColumns = tableMeta.tableColumns;
     const cfgColumns = sqlCfgModel.columns || [];