npm - mm_os - Versions diffs - 3.2.8 → 3.3.0 - Mend

mm_os 3.2.8 → 3.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (38) hide show

package/README.md +47 -1
package/core/base/mqtt/index.js +344 -157
package/core/base/web/index.js +98 -11
package/core/com/middleware/com.js +152 -152
package/core/com/socket/config.tpl.json +2 -2
package/core/com/socket/drive.js +2 -2
package/core/com/socket/index.js +1 -1
package/core/com/sql/drive.js +7 -7
package/index.js +41 -37
package/middleware/performance/index.js +150 -142
package/middleware/security_audit/index.js +549 -0
package/middleware/security_audit/middleware.json +48 -0
package/middleware/security_headers/index.js +487 -0
package/middleware/security_headers/middleware.json +45 -0
package/middleware/waf/index.js +277 -6
package/middleware/waf/middleware.json +2 -1
package/middleware/waf_ddos/index.js +520 -0
package/middleware/waf_ddos/middleware.json +38 -0
package/middleware/waf_ip/index.js +231 -20
package/middleware/waf_ip/middleware.json +43 -4
package/middleware/waf_xss/index.js +269 -0
package/middleware/waf_xss/middleware.json +18 -0
package/middleware/web_before/middleware.json +1 -1
package/middleware/web_socket/middleware.json +2 -2
package/package.json +18 -7
package/middleware/cors/index.js +0 -103
package/middleware/cors/middleware.json +0 -9
package/middleware/log/index.js +0 -32
package/middleware/log/middleware.json +0 -9
package/middleware/rate_limit/index.js +0 -112
package/middleware/rate_limit/middleware.json +0 -10
package/nodemon.json +0 -31
package/package.txt +0 -1
package/rps.bat +0 -3
package/test.js +0 -5
package/tps.bat +0 -3
package/update.bat +0 -1
package//347/263/273/347/273/237/346/236/266/346/236/204/350/257/204/344/274/260/344/270/216/344/274/230/345/214/226/345/273/272/350/256/256.md +0 -599

package/package.json CHANGED Viewed

@@ -1,12 +1,12 @@
 {
 	"name": "mm_os",
-	"version": "3.2.8",
+	"version": "3.3.0",
 	"description": "这是超级美眉服务端框架，用于快速构建应用程序。",
 	"main": "index.js",
 	"scripts": {
-		"test": "cross-env NODE_ENV=test node ./demo/index.js",
-		"start": "node --trace-warnings ./demo/index.js",
-		"dev": "cross-env NODE_ENV=development nodemon ./demo/index.js"
+		"test": "cross-env NODE_ENV=test node --no-warnings=DEP0060 ./demo/index.js",
+		"start": "node --trace-warnings --no-warnings=DEP0060 ./demo/index.js",
+		"dev": "cross-env NODE_ENV=development nodemon --no-warnings=DEP0060 ./demo/index.js"
 	},
 	"repository": {
 		"type": "git",
@@ -29,14 +29,25 @@
 	],
 	"author": "邱文武",
 	"license": "ISC",
+	"files": [
+		"index.js",
+		"core/**",
+		"lib/**",
+		"middleware/**",
+		"conf.json",
+		"README.md",
+		"README.en.md",
+		"LICENSE"
+	],
 	"dependencies": {
-		"compressing": "^1.10.3",
-		"koa": "^3.0.0",
+		"compressing": "^2.0.0",
+		"koa": "^3.0.1",
 		"koa-body": "^6.0.1",
 		"koa-compress": "^5.1.1",
 		"koa-send": "^5.0.1",
 		"koa-websocket": "^7.0.0",
 		"mm_check": "^1.5.0",
+		"mm_email": "^1.0.3",
 		"mm_excel": "^1.2.2",
 		"mm_expand": "^1.8.3",
 		"mm_html": "^1.1.7",
@@ -53,6 +64,6 @@
 		"mm_tpl": "^2.4.3",
 		"mm_xml": "^1.1.7",
 		"mosca": "^2.8.3",
-		"mqtt": "^5.13.1"
+		"mqtt": "^5.14.1"
 	}
 }

package/middleware/cors/index.js DELETED Viewed

@@ -1,103 +0,0 @@
-/**
- * 跨域请求
- * @param {Object} server 服务
- * @param {Object} config 配置参数
- */
-module.exports = function(server, config) {
-	var cos = config.cos;
-	if (cos && cos.status) {
-		if (cos.headers && cos.origin !== "*") {
-			/* 跨域限制（web防火墙） */
-			server.use(async (ctx, next) => {
-				try {
-					var req = ctx.request;
-					// 允许来自所有域名请求
-					ctx.set('Access-Control-Allow-Origin', cos.origin);
-					// 这样就能只允许 http://localhost:8080 这个域名的请求了
-					// ctx.set("Access-Control-Allow-Origin", "http://localhost:8080");
-					// 字段是必需的。它也是一个逗号分隔的字符串，表明服务器支持的所有头信息字段.
-					if (req.method == "OPTIONS") {
-						ctx.set('Access-Control-Allow-Headers', cos.headers);
-						// 服务器收到请求以后，检查了Origin、Access-Control-Request-Method和Access-Control-Request-Headers字段以后，确认允许跨源请求，就可以做出回应。
-						// Content-Type表示具体请求中的媒体类型信息
-						// ctx.set("Content-Type", "application/json;charset=utf-8");
-						// 设置所允许的HTTP请求方法PUT,POST,GET,DELETE,HEAD,OPTIONS
-						// ctx.set('Access-Control-Allow-Methods', 'GET,POST');
-						// 该字段可选。它的值是一个布尔值，表示是否允许发送Cookie。默认情况下，Cookie不包括在CORS请求之中。
-						// 当设置成允许请求携带cookie时，需要保证"Access-Control-Allow-Origin"是服务器有的域名，而不能是"*";
-						// ctx.set("Access-Control-Allow-Credentials", 'false');
-						// 该字段可选，用来指定本次预检请求的有效期，单位为秒。
-						// 当请求方法是PUT或DELETE等特殊方法或者Content-Type字段的类型是application/json时，服务器会提前发送一次请求进行验证
-						// 下面的的设置只本次验证的有效时间，即在该时间段内服务端可以不用进行验证
-						// ctx.set("Access-Control-Max-Age", '3600');
-						/*
-						CORS请求时，XMLHttpRequest对象的getResponseHeader()方法只能拿到6个基本字段：
-						    Cache-Control、
-						    Content-Language、
-						    Content-Type、
-						    Expires、
-						    Last-Modified、
-						    Pragma
-						*/
-						// 需要获取其他字段时，使用Access-Control-Expose-Headers，
-						// getResponseHeader('myData')可以返回我们所需的值
-						// ctx.set("Access-Control-Expose-Headers", "myData");
-						ctx.status = 204;
-					} else {
-						await next();
-					}
-				} catch (error) {
-					$.log.error('CORS中间件错误(origin限制):', error);
-					// 出错时默认允许请求继续处理
-					await next();
-				}
-			});
-		} else if (cos.headers && cos.headers !== "*") {
-			/* 跨域限制（web防火墙） */
-			server.use(async (ctx, next) => {
-				try {
-					var req = ctx.request;
-					// 允许来自所有域名请求
-					ctx.set('Access-Control-Allow-Origin', '*');
-					// ctx.set('Access-Control-Allow-Methods', 'GET,POST,OPTIONS');
-					if (req.method === 'OPTIONS') {
-						ctx.set('Access-Control-Allow-Headers', cos.headers);
-						ctx.status = 204;
-					} else {
-						await next();
-					}
-				} catch (error) {
-					$.log.error('CORS中间件错误(headers限制):', error);
-					// 出错时默认允许请求继续处理
-					await next();
-				}
-			});
-		} else {
-			/* 跨域限制（web防火墙） */
-			server.use(async (ctx, next) => {
-				try {
-					var req = ctx.request;
-					// 允许来自所有域名请求
-					ctx.set('Access-Control-Allow-Origin', '*');
-					// ctx.set('Access-Control-Allow-Methods', 'GET,POST,OPTIONS');
-					if (req.method === 'OPTIONS') {
-						ctx.set('Access-Control-Allow-Headers', '*');
-						ctx.status = 204;
-					} else {
-						await next();
-					}
-				} catch (error) {
-					$.log.error('CORS中间件错误(完全宽松):', error);
-					// 出错时默认允许请求继续处理
-					await next();
-				}
-			});
-		}
-	}
-	return server;
-};

package/middleware/cors/middleware.json DELETED Viewed

@@ -1,9 +0,0 @@
-{
-	"name": "web_cors",
-	"title": "web跨域请求",
-	"description": "用于跨域请求限制",
-	"version": "1.0",
-	"type": "web",
-	"process_type": "common_before",
-	"sort": 50
-}

package/middleware/log/index.js DELETED Viewed

@@ -1,32 +0,0 @@
-/**
- * web日志
- * @param {Object} server 服务
- * @param {Object} config 配置参数
- */
-module.exports = function(server, config) {
-	/* 跨域限制（web防火墙） */
-	server.use(async (ctx, next) => {
-		try {
-			var url = ctx.path + ctx.querystring;
-			var body = "";
-			if (ctx.request.body) {
-				try {
-					body = JSON.stringify(ctx.request.body);
-					if (body.length > 1024) {
-						body = body.substring(0, 1024) + "..."
-					}
-				} catch (jsonError) {
-					body = "[无法序列化请求体]";
-					$.log.error('日志中间件JSON序列化错误:', jsonError);
-				}
-			}
-			$.log.http(`${ctx.method}\t${url}\t${body}`);
-			await next();
-		} catch (error) {
-			$.log.error('log中间件错误:', error);
-			// 确保请求可以继续处理
-			await next();
-		}
-	});
-	return server;
-};

package/middleware/log/middleware.json DELETED Viewed

@@ -1,9 +0,0 @@
-{
-	"name": "web_log",
-	"title": "web请求日志",
-	"description": "用于记录http请求",
-	"version": "1.0",
-	"type": "web",
-	"process_type": "common_before",
-	"sort": 40
-}

package/middleware/rate_limit/index.js DELETED Viewed

@@ -1,112 +0,0 @@
-/**
- * API速率限制中间件
- * 用于防止DoS攻击，限制客户端在一定时间内的请求频率
- * @param {Object} server 服务实例
- * @param {Object} config 配置参数
- */
-module.exports = function(server, config) {
-    // 初始化速率限制配置
-    const cg = {
-        // 默认配置
-        windowMs: 60 * 1000,      // 时间窗口，调整为1分钟（更精细的限制）
-        maxRequests: 5000,         // 每个时间窗口内的最大请求数，从1000提高到5000
-        message: '请求过于频繁，请稍后再试', // 超过限制时的提示信息
-        statusCode: 429,          // 超过限制时的HTTP状态码
-        // 白名单路径，这些路径不受速率限制
-        whitelistPaths: [],
-        // 合并用户配置
-        ...(config && config.rate_limit ? config.rate_limit : {})
-    };
-    // 生成基于IP的唯一标识符
-    function getClientKey(ctx) {
-        // 优先使用X-Forwarded-For头部（如果有代理的话）
-        const forwardedFor = ctx.headers['x-forwarded-for'];
-        if (forwardedFor) {
-            // 通常格式为：X-Forwarded-For: client, proxy1, proxy2
-            return forwardedFor.split(',')[0].trim();
-        }
-        // 直接使用IP地址
-        return ctx.ip;
-    }
-    // 使用Redis存储请求计数
-    async function incrementRequestWithRedis(clientKey) {
-        try {
-            // 检查Redis是否可用
-            if ($.cache && typeof $.cache.addInt === 'function') {
-                const key = `rate_limit:${clientKey}`;
-                // 使用addInt方法增加计数（mm_redis包提供的方法）
-                const count = await $.cache.addInt(key, 1);
-                // 设置过期时间
-                await $.cache.ttl(key, Math.ceil(cg.windowMs / 1000));
-                return count || 0;
-            }
-        } catch (error) {
-            $.log.error('Redis速率限制失败:', error);
-        }
-        // Redis不可用时返回null，将使用内存存储
-        return null;
-    }
-    // 中间件主逻辑
-    server.use(async (ctx, next) => {
-        try {
-            // 跳过静态文件和favicon请求
-            if (ctx.path === '/favicon.ico' || ctx.path.startsWith('/static/')) {
-                await next();
-                return;
-            }
-            // 检查是否是白名单路径
-            if (cg.whitelistPaths && cg.whitelistPaths.some(path =>
-                ctx.path === path || ctx.path.startsWith(path + '/'))) {
-                await next();
-                return;
-            }
-            // 获取客户端唯一标识符
-            const clientKey = getClientKey(ctx);
-            let requestCount = await incrementRequestWithRedis(clientKey);
-            // 设置响应头部，告知客户端当前的限制状态
-            ctx.set('X-RateLimit-Limit', cg.maxRequests);
-            ctx.set('X-RateLimit-Remaining', Math.max(0, cg.maxRequests - requestCount));
-            // 检查是否超过限制
-            if (requestCount > cg.maxRequests) {
-                $.log.warn(`API速率限制触发: ${clientKey} 请求 ${ctx.path} 次数过多`);
-                ctx.status = cg.statusCode;
-                ctx.body = {
-                    code: cg.statusCode,
-                    msg: cg.message
-                };
-                // 记录超过限制的请求
-                if ($.log && $.log.warn) {
-                    $.log.warn(`速率限制触发: IP=${clientKey}, Path=${ctx.path}, Method=${ctx.method}`);
-                }
-                return;
-            }
-            // 继续处理请求
-            await next();
-        } catch (error) {
-            $.log.error('速率限制中间件错误:', error);
-            // 确保请求可以继续处理
-            await next();
-        }
-    });
-    // 记录中间件初始化信息
-    $.log.info(`速率限制中间件已加载: ${cg.maxRequests}请求/${cg.windowMs/1000}秒`);
-    return server;
-};

package/middleware/rate_limit/middleware.json DELETED Viewed

@@ -1,10 +0,0 @@
-{
-  "name": "rate_limit",
-  "title": "API速率限制",
-  "description": "限制客户端在一定时间内的请求频率，防止DoS攻击",
-  "version": "1.0",
-  "type": "web",
-  "process_type": "common_before",
-  "sort": 50,
-  "script": "index.js"
-}

package/nodemon.json DELETED Viewed

@@ -1,31 +0,0 @@
-{
-	"restartable": "rs",
-	"ignore": [
-		".git",
-		".svn",
-		"cache",
-		"log",
-		"node_modules/**/node_modules",
-		"**/cache/**",
-		"game/data",
-		"**/conf.json",
-		"*/static/*/*.json",
-		"*/static/*.js"
-	],
-	"verbose": true,
-	"execMap": {
-		"": "node",
-		"js": "node --harmony"
-	},
-	"watch": [
-		"demo",
-		"lib",
-		"core",
-		"test"
-	],
-	"env": {
-		"NODE_ENV": "development"
-	},
-	"ext": "js ts json",
-	"legacy-watch": false
-}

package/package.txt DELETED Viewed

	@@ -1 +0,0 @@
1	- mm_check mm_excel mm_expand mm_html mm_koa_proxy mm_logs mm_machine mm_mongodb mm_mqtt mm_mysql mm_redis mm_ret mm_session mm_statics mm_tpl mm_xml

package/rps.bat DELETED Viewed

@@ -1,3 +0,0 @@
-@echo off
-loadtest http://localhost:5000/test/helloworld -t 20 -c 10 --keepalive --rps 1000
-pause

package/test.js DELETED Viewed

@@ -1,5 +0,0 @@
-var OS = require("./index.js");
-var os = new OS();
-os.run();

package/tps.bat DELETED Viewed

@@ -1,3 +0,0 @@
-@echo off
-loadtest -n 10000 -s TLSv1_method http://localhost:5000/ws/tt
-pause

package/update.bat DELETED Viewed

	@@ -1 +0,0 @@
1	- npm i mm_check mm_excel mm_expand mm_html mm_koa_proxy mm_logs mm_machine mm_mongodb mm_mqtt mm_mysql mm_redis mm_ret mm_session mm_statics mm_tpl mm_xml