npm - mm_os - Versions diffs - 3.2.9 → 3.3.0 - Mend

mm_os 3.2.9 → 3.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (38) hide show

package/README.md +47 -1
package/core/base/mqtt/index.js +10 -10
package/core/base/web/index.js +98 -11
package/core/com/middleware/com.js +152 -152
package/core/com/socket/config.tpl.json +2 -2
package/core/com/socket/drive.js +2 -2
package/core/com/socket/index.js +1 -1
package/core/com/sql/drive.js +7 -7
package/index.js +40 -30
package/middleware/performance/index.js +150 -142
package/middleware/security_audit/index.js +549 -0
package/middleware/security_audit/middleware.json +48 -0
package/middleware/security_headers/index.js +487 -0
package/middleware/security_headers/middleware.json +45 -0
package/middleware/waf/index.js +277 -6
package/middleware/waf/middleware.json +2 -1
package/middleware/waf_ddos/index.js +520 -0
package/middleware/waf_ddos/middleware.json +38 -0
package/middleware/waf_ip/index.js +231 -20
package/middleware/waf_ip/middleware.json +43 -4
package/middleware/waf_xss/index.js +269 -0
package/middleware/waf_xss/middleware.json +18 -0
package/middleware/web_before/middleware.json +1 -1
package/middleware/web_socket/middleware.json +2 -2
package/package.json +18 -7
package/middleware/cors/index.js +0 -103
package/middleware/cors/middleware.json +0 -9
package/middleware/log/index.js +0 -32
package/middleware/log/middleware.json +0 -9
package/middleware/rate_limit/index.js +0 -112
package/middleware/rate_limit/middleware.json +0 -10
package/nodemon.json +0 -31
package/package.txt +0 -1
package/rps.bat +0 -3
package/test.js +0 -10
package/tps.bat +0 -3
package/update.bat +0 -1
package//347/263/273/347/273/237/346/236/266/346/236/204/350/257/204/344/274/260/344/270/216/344/274/230/345/214/226/345/273/272/350/256/256.md +0 -599

package/middleware/waf_ip/index.js CHANGED Viewed

@@ -16,34 +16,200 @@ function getClientIP(req) {
 	if (ip && ip.split(',').length > 0) {
 		ip = ip.split(',')[0]; // 取第一个IP地址
 	}
+	// 处理IPv6本地地址
+	if (ip === '::1' || ip === '::ffff:127.0.0.1') {
+		ip = '127.0.0.1';
+	}
+	// 移除可能的端口号
+	if (ip && ip.includes(':')) {
+		ip = ip.split(':')[0];
+	}
 	return ip;
 };
+/**
+ * 检查IP是否在白名单中
+ * @param {String} ip IP地址
+ * @param {Array} whitelist 白名单IP数组
+ * @returns {Boolean} 是否在白名单中
+ */
+function isInWhitelist(ip, whitelist) {
+	if (!whitelist || !Array.isArray(whitelist)) return false;
+	return whitelist.some(whiteIP => {
+		// 支持CIDR格式（如192.168.1.0/24）
+		if (whiteIP.includes('/')) {
+			return ipInCidr(ip, whiteIP);
+		}
+		return ip === whiteIP;
+	});
+}
+/**
+ * 检查IP是否在CIDR范围内
+ * @param {String} ip IP地址
+ * @param {String} cidr CIDR格式字符串（如192.168.1.0/24）
+ * @returns {Boolean} 是否在范围内
+ */
+function ipInCidr(ip, cidr) {
+	const [network, prefixLength] = cidr.split('/');
+	const netmask = -1 << (32 - parseInt(prefixLength, 10));
+	function ipToInt(ip) {
+		return ip.split('.').reduce((acc, octet) => (acc << 8) + parseInt(octet, 10), 0) >>> 0;
+	}
+	return (ipToInt(ip) & netmask) === (ipToInt(network) & netmask);
+}
 /**
  * 设置黑名单
  * @param {String} ip IP地址
+ * @param {Object} config 配置参数
  */
-function setting_blacklist(ip) {
+async function setting_blacklist(ip, config) {
+	// 检查是否已在黑名单中
+	const blacklistKey = `blacklist_${ip}`;
+	try {
+		const isBlacklisted = await $.cache.get(blacklistKey);
+		if (isBlacklisted) {
+			$.log.info(`IP ${ip} 已在黑名单中，无需重复添加`);
+			return;
+		}
+	} catch (error) {
+		$.log.error('检查黑名单缓存错误:', error);
+	}
 	var cmd;
 	if (platform == "win32") {
-		// window 系统
-		cmd =
-			`netsh advfirewall firewall add rule name="Blacklist ${ip}" dir=in action=block remoteip="${ip}" protocol=any`
+		// Windows系统
+		cmd = `netsh advfirewall firewall add rule name="Blacklist ${ip}" dir=in action=block remoteip="${ip}" protocol=any`;
 	} else {
-		// linux 系统
-		cmd = `sudo iptables -A INPUT -s ${ip} -j DROP`;
+		// Linux系统 - 不使用sudo，让系统确保权限
+		cmd = `iptables -A INPUT -s ${ip} -j DROP`;
 	}
-	exec(cmd, (error, stdout, stderr) => {
-		if (error) {
-			console.error(`执行的错误: ${error}`);
-			return;
+	try {
+		// 使用Promise包装exec以支持异步操作
+		await new Promise((resolve, reject) => {
+			exec(cmd, (error, stdout, stderr) => {
+				if (error) {
+					console.error(`执行黑名单命令错误: ${error}`);
+					reject(error);
+					return;
+				}
+				$.log.info(`IP ${ip} 已加入防火墙黑名单`);
+				if (stderr) {
+					console.error(`黑名单命令标准错误: ${stderr}`);
+				}
+				resolve();
+			});
+		});
+		// 记录到缓存，支持黑名单过期时间
+		const expireTime = config.blacklist_expire_time || 86400000; // 默认1天
+		await $.cache.set(blacklistKey, true, expireTime);
+		// 记录黑名单IP，便于管理
+			const blacklistIPsKey = 'blacklisted_ips';
+			let blacklistIPs = [];
+			try {
+				const existing = await $.cache.get(blacklistIPsKey);
+				if (existing) {
+					blacklistIPs = typeof existing === 'string' ? JSON.parse(existing) : existing;
+				}
+				if (!Array.isArray(blacklistIPs)) {
+					blacklistIPs = [];
+				}
+				if (!blacklistIPs.includes(ip)) {
+					blacklistIPs.push(ip);
+					await $.cache.set(blacklistIPsKey, blacklistIPs, 0); // 永不过期
+				}
+			} catch (cacheError) {
+				$.log.error('保存黑名单IP列表错误:', cacheError);
+			}
+	} catch (error) {
+		$.log.error(`添加IP ${ip} 到黑名单失败:`, error);
+	}
+}
+/**
+ * 从防火墙中移除黑名单IP
+ * @param {String} ip IP地址
+ */
+async function remove_blacklist(ip) {
+	var cmd;
+	if (platform == "win32") {
+		// Windows系统
+		cmd = `netsh advfirewall firewall delete rule name="Blacklist ${ip}"`;
+	} else {
+		// Linux系统
+		cmd = `iptables -D INPUT -s ${ip} -j DROP`;
+	}
+	try {
+		await new Promise((resolve, reject) => {
+			exec(cmd, (error, stdout, stderr) => {
+				if (error) {
+					console.error(`移除黑名单命令错误: ${error}`);
+					// 对于Windows，如果规则不存在，delete命令也会返回错误，但这不是严重问题
+					if (platform !== "win32") {
+						reject(error);
+						return;
+					}
+				}
+				$.log.info(`IP ${ip} 已从防火墙黑名单中移除`);
+				if (stderr) {
+					console.error(`移除黑名单命令标准错误: ${stderr}`);
+				}
+				resolve();
+			});
+		});
+		// 从缓存中移除
+		await $.cache.del(`blacklist_${ip}`);
+		// 从黑名单列表中移除
+		const blacklistIPsKey = 'blacklisted_ips';
+		try {
+			const existing = await $.cache.get(blacklistIPsKey);
+			if (existing) {
+				let blacklistIPs = typeof existing === 'string' ? JSON.parse(existing) : existing;
+				if (Array.isArray(blacklistIPs)) {
+					blacklistIPs = blacklistIPs.filter(ipItem => ipItem !== ip);
+					await $.cache.set(blacklistIPsKey, blacklistIPs, 0);
+				}
+			}
+		} catch (cacheError) {
+			$.log.error('更新黑名单IP列表错误:', cacheError);
 		}
-		$.log.info(`加入黑名单: ${ip}`);
-		if (stderr) {
-			console.error(`标准错误输出: ${stderr}`);
+	} catch (error) {
+		$.log.error(`移除IP ${ip} 从黑名单失败:`, error);
+	}
+}
+/**
+ * 初始化功能 - 加载持久化的黑名单并应用
+ * @param {Object} config 配置参数
+ */
+async function initBlacklist(config) {
+	if (!config.persist_blacklist) return;
+	try {
+		const blacklistIPsKey = 'blacklisted_ips';
+		const existing = await $.cache.get(blacklistIPsKey);
+		if (existing) {
+			let blacklistIPs = typeof existing === 'string' ? JSON.parse(existing) : existing;
+			if (Array.isArray(blacklistIPs) && blacklistIPs.length > 0) {
+				$.log.info(`正在应用 ${blacklistIPs.length} 个持久化的黑名单IP规则...`);
+				for (const ip of blacklistIPs) {
+					// 重新应用黑名单规则
+					await setting_blacklist(ip, config);
+				}
+			}
 		}
-	});
+	} catch (error) {
+		$.log.error('初始化持久化黑名单失败:', error);
+	}
 }
 /**
@@ -51,10 +217,19 @@ function setting_blacklist(ip) {
  * @param {Object} server 服务
  * @param {Object} config 配置参数
  */
-module.exports = function(server, config) {
-	var limit = config.request_limit || 0;
-	var duration = config.request_duration || 0;
-	var block = config.request_block || false;
+module.exports = async function(server, config) {
+	// 从配置中获取参数，提供默认值
+	var limit = config.request_limit || 1000; // 默认每分钟1000请求
+	var duration = config.request_duration || 60000; // 默认60秒
+	var block = config.request_block || true; // 默认启用黑名单
+	var whitelist = config.ip_whitelist || []; // IP白名单
+	var blacklist_expire_time = config.blacklist_expire_time || 86400000; // 默认黑名单1天过期
+	var persist_blacklist = config.persist_blacklist !== undefined ? config.persist_blacklist : true; // 是否持久化黑名单
+	// 初始化持久化黑名单
+	if (persist_blacklist) {
+		await initBlacklist(config);
+	}
 	if (limit && duration) {
 		/* WAF（web防火墙） */
@@ -63,11 +238,33 @@ module.exports = function(server, config) {
 				var pass = true;
 				// 获取IP
 				var ip = getClientIP(ctx.req);
+				// 检查白名单
+				if (isInWhitelist(ip, whitelist)) {
+					ctx.request.ip = ip;
+					ctx.ip = ip;
+					await next();
+					return;
+				}
+				// 检查是否已被黑名单
+				try {
+					const isBlacklisted = await $.cache.get(`blacklist_${ip}`);
+					if (isBlacklisted) {
+						ctx.status = 403;
+						ctx.body = '您的IP已被禁止访问';
+						return;
+					}
+				} catch (blacklistCheckError) {
+					$.log.error('检查黑名单状态错误:', blacklistCheckError);
+				}
 				var num = 1;
 				var now = new Date();
 				var date = now.toStr('yyyy-MM-dd');
 				var time;
 				var json;
 				try {
 					var str = await $.cache.get("ip_" + ip);
 					if (str) {
@@ -81,6 +278,7 @@ module.exports = function(server, config) {
 						} else {
 							json = str;
 						}
 						if (json) {
 							try {
 								if (json.date !== date) {
@@ -100,7 +298,7 @@ module.exports = function(server, config) {
 												// 超出上限禁止访问，并加入黑名单
 												pass = false;
 												if (block) {
-													setting_blacklist(ip);
+													await setting_blacklist(ip, config);
 												}
 											}
 										}
@@ -115,7 +313,7 @@ module.exports = function(server, config) {
 												// 超出上限禁止访问，并加入黑名单
 												pass = false;
 												if (block) {
-													setting_blacklist(ip);
+													await setting_blacklist(ip, config);
 												}
 											}
 										}
@@ -135,9 +333,11 @@ module.exports = function(server, config) {
 					$.log.error('WAF IP中间件缓存操作错误:', cacheError);
 					// 缓存出错时，默认允许请求通过
 				}
 				if (!time) {
 					time = now.toStr('yyyy-MM-dd hh:mm:ss');
 				}
 				if (pass) {
 					try {
 						await $.cache.set("ip_" + ip, JSON.stringify({
@@ -164,5 +364,16 @@ module.exports = function(server, config) {
 			}
 		});
 	}
+	// 提供手动管理黑名单的API方法
+	if (!$.waf_ip) {
+		$.waf_ip = {
+			addBlacklist: setting_blacklist,
+			removeBlacklist: remove_blacklist,
+			getClientIP: getClientIP,
+			isInWhitelist: isInWhitelist
+		};
+	}
 	return server;
 };

package/middleware/waf_ip/middleware.json CHANGED Viewed

@@ -1,10 +1,49 @@
 {
 	"name": "web_waf_ip",
-	"title": "IP防火墙",
-	"description": "用于防止DOS攻击",
-	"version": "1.0",
+	"title": "IP防火墙增强版",
+	"description": "增强版IP防火墙，支持IP白名单、黑名单持久化、自动过期等功能，有效防止DOS攻击",
+	"version": "2.0",
 	"type": "web",
 	"process_type": "common_before",
 	"sort": 10,
-	"state": 0
+	"state": 1,
+	"config": {
+		"request_limit": {
+			"type": "number",
+			"title": "请求限制数量",
+			"description": "在指定时间内允许的最大请求数",
+			"value": 1000,
+			"placeholder": "请输入数字"
+		},
+		"request_duration": {
+			"type": "number",
+			"title": "统计时间窗口（毫秒）",
+			"description": "请求计数的时间窗口，单位为毫秒",
+			"value": 60000,
+			"placeholder": "请输入毫秒数"
+		},
+		"request_block": {
+			"type": "boolean",
+			"title": "启用黑名单封禁",
+			"description": "是否将超限IP添加到系统防火墙黑名单",
+			"value": true
+		},
+		"ip_whitelist": [
+			"192.168.31.5",
+			"127.0.0.1"
+		],
+		"blacklist_expire_time": {
+			"type": "number",
+			"title": "黑名单过期时间（毫秒）",
+			"description": "IP被添加到黑名单后自动失效的时间，单位为毫秒",
+			"value": 86400000,
+			"placeholder": "请输入毫秒数"
+		},
+		"persist_blacklist": {
+			"type": "boolean",
+			"title": "持久化黑名单",
+			"description": "系统重启后是否自动重新应用已保存的黑名单规则",
+			"value": true
+		}
+	}
 }

package/middleware/waf_xss/index.js ADDED Viewed

@@ -0,0 +1,269 @@
+const mm_expand = require('mm_expand');
+/**
+ * XSS攻击防护中间件
+ */
+class Middleware {
+    /**
+     * 构造函数
+     */
+    constructor() {
+        this.default = {
+            // 过滤模式: sanitize(清理) | encode(编码) | both(同时进行)
+            mode: 'both',
+            // 是否过滤URL参数
+            query: true,
+            // 是否过滤表单数据
+            body: true,
+            // 是否过滤Cookie
+            cookie: true,
+            // 白名单标签
+            allowedTags: ['p', 'span', 'b', 'i', 'u', 'strong', 'em', 'br'],
+            // 白名单属性
+            allowedAttributes: ['id', 'class', 'style'],
+            // 是否记录XSS攻击尝试
+            log: true,
+            // 是否阻止恶意请求
+            block: true
+        };
+    }
+    /**
+     * 初始化中间件
+     * @param {Object} config 配置项
+     */
+    init(config) {
+        config = Object.assign({}, this.default, config);
+        this.config = config;
+        return function() {
+            // 返回中间件的run方法作为实际的处理函数
+            return function(ctx, next) {
+                return middleware.run(ctx, next);
+            };
+        };
+    }
+    /**
+     * 获取客户端真实IP
+     * 在代理环境中，优先从代理头获取真实IP
+     * @param {Object} ctx Koa上下文
+     * @returns {String} 客户端真实IP
+     */
+    getClientIp(ctx) {
+        const headers = ctx.headers;
+        // 优先检查常用代理头获取真实IP
+        // 注意：X-Forwarded-For 可能包含多个IP，取第一个非未知IP的值
+        const xForwardedFor = headers['x-forwarded-for'];
+        if (xForwardedFor) {
+            // X-Forwarded-For 格式通常为: client, proxy1, proxy2
+            const ips = xForwardedFor.split(',').map(ip => ip.trim());
+            for (let i = 0; i < ips.length; i++) {
+                const ip = ips[i];
+                if (ip && ip !== 'unknown' && ip !== '127.0.0.1' && ip !== '::1') {
+                    return ip;
+                }
+            }
+        }
+        // 检查其他常见的代理头
+        return headers['x-real-ip'] ||
+               headers['x-client-ip'] ||
+               headers['cf-connecting-ip'] || // CloudFlare
+               headers['fastly-client-ip'] || // Fastly
+               headers['true-client-ip'] || // Akamai and Cloudflare
+               ctx.ip; // 默认回退到ctx.ip
+    }
+    /**
+     * 执行中间件
+     * @param {Object} ctx Koa上下文
+     * @param {Function} next 下一个中间件
+     */
+    async run(ctx, next) {
+        const config = this.config;
+        let hasXSS = false;
+        let attackInfo = {};
+        // 清理URL查询参数
+        if (config.query && ctx.query) {
+            for (let key in ctx.query) {
+                const original = ctx.query[key];
+                const sanitized = this.sanitizeInput(original, config);
+                if (original !== sanitized) {
+                    ctx.query[key] = sanitized;
+                    hasXSS = true;
+                    attackInfo[`query.${key}`] = { original, sanitized };
+                }
+            }
+        }
+        // 清理请求体数据
+        if (config.body && ctx.request.body) {
+            this.cleanObject(ctx.request.body, config, attackInfo, 'body', hasXSS);
+        }
+        // 清理Cookie
+        if (config.cookie && ctx.cookies) {
+            const cookies = ctx.headers.cookie;
+            if (cookies) {
+                // 记录Cookie中的XSS尝试但不修改，因为修改Cookie需要重新设置
+                const cookieArr = cookies.split(';');
+                for (let cookie of cookieArr) {
+                    const [name, value] = cookie.split('=').map(item => item.trim());
+                    const sanitized = this.sanitizeInput(decodeURIComponent(value), config);
+                    if (value !== sanitized) {
+                        hasXSS = true;
+                        attackInfo[`cookie.${name}`] = { original: value, sanitized };
+                    }
+                }
+            }
+        }
+        // 记录XSS攻击尝试
+        if (hasXSS && config.log && $.log) {
+            $.log.warn('XSS Attack Attempt Detected:', {
+                ip: this.getClientIp(ctx),
+                path: ctx.path,
+                method: ctx.method,
+                attackInfo
+            });
+        }
+        // 阻止恶意请求
+        if (hasXSS && config.block) {
+            ctx.status = 403;
+            ctx.body = {
+                code: 403,
+                msg: 'Forbidden: Potential XSS attack detected'
+            };
+            return;
+        }
+        // 添加安全响应头
+        this.addSecurityHeaders(ctx);
+        await next();
+    }
+    /**
+     * 递归清理对象中的XSS内容
+     * @param {Object} obj 要清理的对象
+     * @param {Object} config 配置项
+     * @param {Object} attackInfo 攻击信息收集对象
+     * @param {String} prefix 路径前缀
+     * @param {Boolean} hasXSS 是否已发现XSS
+     */
+    cleanObject(obj, config, attackInfo, prefix, hasXSS) {
+        if (!obj || typeof obj !== 'object') return;
+        for (let key in obj) {
+            const path = `${prefix}.${key}`;
+            if (typeof obj[key] === 'string') {
+                const original = obj[key];
+                const sanitized = this.sanitizeInput(original, config);
+                if (original !== sanitized) {
+                    obj[key] = sanitized;
+                    hasXSS = true;
+                    attackInfo[path] = { original, sanitized };
+                }
+            } else if (typeof obj[key] === 'object') {
+                this.cleanObject(obj[key], config, attackInfo, path, hasXSS);
+            }
+        }
+    }
+    /**
+     * 清理输入内容
+     * @param {String} input 输入内容
+     * @param {Object} config 配置项
+     * @returns {String} 清理后的内容
+     */
+    sanitizeInput(input, config) {
+        if (!input || typeof input !== 'string') return input;
+        let output = input;
+        // 根据模式选择清理方式
+        if (config.mode === 'sanitize' || config.mode === 'both') {
+            output = this.sanitizeHTML(output, config);
+        }
+        if (config.mode === 'encode' || config.mode === 'both') {
+            output = this.encodeHTML(output);
+        }
+        return output;
+    }
+    /**
+     * 清理HTML内容
+     * @param {String} html HTML内容
+     * @param {Object} config 配置项
+     * @returns {String} 清理后的内容
+     */
+    sanitizeHTML(html, config) {
+        // 简单的HTML标签清理实现
+        // 在生产环境中，可以使用更强大的库如DOMPurify
+        let clean = html;
+        // 移除所有脚本标签
+        clean = clean.replace(/<script[^>]*>.*?<\/script>/gi, '');
+        // 移除所有事件处理器
+        clean = clean.replace(/\s+on\w+\s*=\s*["\']?[^"\'>\s]+/gi, '');
+        // 移除危险的URL协议
+        clean = clean.replace(/(src|href|data|action)\s*=\s*["\']?(javascript|data|vbscript):/gi, '$1=');
+        return clean;
+    }
+    /**
+     * 编码HTML特殊字符
+     * @param {String} html HTML内容
+     * @returns {String} 编码后的内容
+     */
+    encodeHTML(html) {
+        return String(html)
+            .replace(/&/g, '&amp;')
+            .replace(/</g, '&lt;')
+            .replace(/>/g, '&gt;')
+            .replace(/"/g, '&quot;')
+            .replace(/'/g, '&#39;');
+    }
+    /**
+     * 添加安全响应头
+     * @param {Object} ctx Koa上下文
+     */
+    addSecurityHeaders(ctx) {
+        // X-XSS-Protection 头
+        ctx.set('X-XSS-Protection', '1; mode=block');
+        // Content-Security-Policy 头
+        ctx.set('Content-Security-Policy', "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;");
+    }
+}
+// 创建中间件实例
+const middleware = new Middleware();
+// 导出符合系统期望的函数
+exports = module.exports = function(server, config) {
+    // 初始化中间件
+    const handlerFactory = middleware.init(config);
+    const middlewareHandler = handlerFactory();
+    // 直接使用server.use注册中间件
+    server.use(middlewareHandler);
+    // 记录中间件初始化信息
+    if ($.log && $.log.info) {
+        $.log.info(`XSS防护中间件已加载: 模式=${middleware.config.mode}, 过滤=${middleware.config.query ? 'query' : ''}${middleware.config.body ? ' body' : ''}${middleware.config.cookie ? ' cookie' : ''}`);
+    }
+    return server;
+};
+// 保留原始实例，以便其他方式调用
+exports.middleware = middleware;

package/middleware/waf_xss/middleware.json ADDED Viewed

@@ -0,0 +1,18 @@
+{
+  "name": "waf_xss",
+  "title": "XSS攻击防护中间件",
+  "type": "web_before",
+  "status": 1,
+  "sort": 10,
+  "desc": "提供全面的XSS攻击防护，包括输入过滤和安全响应头设置",
+  "config": {
+    "mode": "both",
+    "query": true,
+    "body": true,
+    "cookie": true,
+    "allowedTags": ["p", "span", "b", "i", "u", "strong", "em", "br"],
+    "allowedAttributes": ["id", "class", "style"],
+    "log": true,
+    "block": true
+  }
+}

package/middleware/web_before/middleware.json CHANGED Viewed

@@ -1,5 +1,5 @@
 {
-	"name": "web_berofe",
+	"name": "web_before",
 	"title": "web请求前",
 	"description": "用于",
 	"version": "1.0",

package/middleware/web_socket/middleware.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
-	"name": "web_scoket",
-	"title": "webscoket通讯",
+	"name": "web_socket",
+	"title": "websocket通讯",
 	"description": "用于即时通讯",
 	"version": "1.0",
 	"type": "web",