mm_os 3.2.9 → 3.3.1

Files changed (56)
  1. package/README.md +47 -1
  2. package/core/base/mqtt/index.js +1109 -1106
  3. package/core/base/web/index.js +245 -156
  4. package/core/com/event/README.md +4 -4
  5. package/core/com/event/com.json +3 -3
  6. package/core/com/event/config.tpl.json +18 -18
  7. package/core/com/event/drive.js +132 -132
  8. package/core/com/event/index.js +344 -344
  9. package/core/com/event/script.js +25 -25
  10. package/core/com/middleware/com.js +152 -151
  11. package/core/com/socket/config.tpl.json +2 -2
  12. package/core/com/socket/drive.js +2 -2
  13. package/core/com/socket/index.js +1 -1
  14. package/core/com/sql/drive.js +7 -7
  15. package/core/com/static/index.js +1 -1
  16. package/index.js +34 -5
  17. package/middleware/cors/index.js +112 -96
  18. package/middleware/cors/middleware.json +18 -7
  19. package/middleware/csrf/index.js +202 -0
  20. package/middleware/csrf/middleware.json +24 -0
  21. package/middleware/ip_firewall/index.js +476 -0
  22. package/middleware/ip_firewall/middleware.json +109 -0
  23. package/middleware/mqtt_base/middleware.json +2 -1
  24. package/middleware/security_audit/index.js +543 -0
  25. package/middleware/security_audit/middleware.json +48 -0
  26. package/middleware/waf/index.js +273 -7
  27. package/middleware/waf/middleware.json +2 -1
  28. package/middleware/waf_ddos/index.js +520 -0
  29. package/middleware/waf_ddos/middleware.json +38 -0
  30. package/middleware/waf_xss/index.js +269 -0
  31. package/middleware/waf_xss/middleware.json +18 -0
  32. package/middleware/web_after/middleware.json +2 -1
  33. package/middleware/web_base/middleware.json +2 -1
  34. package/middleware/web_before/middleware.json +3 -2
  35. package/middleware/web_check/middleware.json +2 -1
  36. package/middleware/web_main/middleware.json +2 -1
  37. package/middleware/web_proxy/middleware.json +2 -1
  38. package/middleware/web_render/middleware.json +2 -1
  39. package/middleware/web_socket/middleware.json +4 -3
  40. package/middleware/web_static/middleware.json +2 -1
  41. package/package.json +28 -15
  42. package/middleware/log/index.js +0 -32
  43. package/middleware/log/middleware.json +0 -9
  44. package/middleware/performance/index.js +0 -143
  45. package/middleware/performance/middleware.json +0 -16
  46. package/middleware/rate_limit/index.js +0 -112
  47. package/middleware/rate_limit/middleware.json +0 -10
  48. package/middleware/waf_ip/index.js +0 -168
  49. package/middleware/waf_ip/middleware.json +0 -10
  50. package/nodemon.json +0 -31
  51. package/package.txt +0 -1
  52. package/rps.bat +0 -3
  53. package/test.js +0 -10
  54. package/tps.bat +0 -3
  55. package/update.bat +0 -1
  56. package//347/263/273/347/273/237/346/236/266/346/236/204/350/257/204/344/274/260/344/270/216/344/274/230/345/214/226/345/273/272/350/256/256.md +0 -599
@@ -1,112 +0,0 @@
1
- /**
2
- * API速率限制中间件
3
- * 用于防止DoS攻击,限制客户端在一定时间内的请求频率
4
- * @param {Object} server 服务实例
5
- * @param {Object} config 配置参数
6
- */
7
- module.exports = function(server, config) {
8
- // 初始化速率限制配置
9
- const cg = {
10
- // 默认配置
11
- windowMs: 60, // 时间窗口,调整为1分钟(更精细的限制)
12
- maxRequests: 5000, // 每个时间窗口内的最大请求数,从1000提高到5000
13
- message: '请求过于频繁,请稍后再试', // 超过限制时的提示信息
14
- statusCode: 429, // 超过限制时的HTTP状态码
15
- // 白名单路径,这些路径不受速率限制
16
- whitelistPaths: [],
17
- // 合并用户配置
18
- ...(config && config.rate_limit ? config.rate_limit : {})
19
- };
20
-
21
- // 生成基于IP的唯一标识符
22
- function getClientKey(ctx) {
23
- // 优先使用X-Forwarded-For头部(如果有代理的话)
24
- const forwardedFor = ctx.headers['x-forwarded-for'];
25
- if (forwardedFor) {
26
- // 通常格式为:X-Forwarded-For: client, proxy1, proxy2
27
- return forwardedFor.split(',')[0].trim();
28
- }
29
- // 直接使用IP地址
30
- return ctx.ip;
31
- }
32
-
33
- // 使用Redis存储请求计数
34
- async function incrementRequestWithRedis(clientKey) {
35
- try {
36
- // 检查Redis是否可用
37
- if ($.cache && typeof $.cache.addInt === 'function') {
38
- const key = `rate_limit:${clientKey}`;
39
-
40
- // 使用addInt方法增加计数(mm_redis包提供的方法)
41
- const count = await $.cache.addInt(key, 1);
42
-
43
- // 设置过期时间
44
- await $.cache.ttl(key, Math.ceil(cg.windowMs));
45
-
46
- return count || 0;
47
- }
48
- } catch (error) {
49
- $.log.error('Redis速率限制失败:', error);
50
- }
51
-
52
- // Redis不可用时返回null,将使用内存存储
53
- return null;
54
- }
55
-
56
- // 中间件主逻辑
57
- server.use(async (ctx, next) => {
58
- try {
59
- // 跳过静态文件和favicon请求
60
- if (ctx.path === '/favicon.ico' || ctx.path.startsWith('/static/')) {
61
- await next();
62
- return;
63
- }
64
-
65
- // 检查是否是白名单路径
66
- if (cg.whitelistPaths && cg.whitelistPaths.some(path =>
67
- ctx.path === path || ctx.path.startsWith(path + '/'))) {
68
- await next();
69
- return;
70
- }
71
-
72
- // 获取客户端唯一标识符
73
- const clientKey = getClientKey(ctx);
74
-
75
- let requestCount = await incrementRequestWithRedis(clientKey);
76
-
77
- // 设置响应头部,告知客户端当前的限制状态
78
- ctx.set('X-RateLimit-Limit', cg.maxRequests);
79
- ctx.set('X-RateLimit-Remaining', Math.max(0, cg.maxRequests - requestCount));
80
-
81
- // 检查是否超过限制
82
- if (requestCount > cg.maxRequests) {
83
- $.log.warn(`API速率限制触发: ${clientKey} 请求 ${ctx.path} 次数过多`);
84
-
85
- ctx.status = cg.statusCode;
86
- ctx.body = {
87
- code: cg.statusCode,
88
- msg: cg.message
89
- };
90
-
91
- // 记录超过限制的请求
92
- if ($.log && $.log.warn) {
93
- $.log.warn(`速率限制触发: IP=${clientKey}, Path=${ctx.path}, Method=${ctx.method}`);
94
- }
95
-
96
- return;
97
- }
98
-
99
- // 继续处理请求
100
- await next();
101
- } catch (error) {
102
- $.log.error('速率限制中间件错误:', error);
103
- // 确保请求可以继续处理
104
- await next();
105
- }
106
- });
107
-
108
- // 记录中间件初始化信息
109
- $.log.info(`速率限制中间件已加载: ${cg.maxRequests}请求/${cg.windowMs}秒`);
110
-
111
- return server;
112
- };
@@ -1,10 +0,0 @@
1
- {
2
- "name": "rate_limit",
3
- "title": "API速率限制",
4
- "description": "限制客户端在一定时间内的请求频率,防止DoS攻击",
5
- "version": "1.0",
6
- "type": "web",
7
- "process_type": "common_before",
8
- "sort": 50,
9
- "script": "index.js"
10
- }
@@ -1,168 +0,0 @@
1
- const {
2
- exec
3
- } = require('child_process');
4
- const platform = require('os').platform();
5
-
6
- /**
7
- * 获取客户端IP
8
- * @param {Object} req 请求对象
9
- * @returns {String} 返回真实IP
10
- */
11
- function getClientIP(req) {
12
- var ip = req.headers['x-forwarded-for'] || req.headers['X-Forwarded-For'] || req.headers['x-real-ip'] ||
13
- req.connection.remoteAddress ||
14
- req.socket.remoteAddress ||
15
- req.connection.socket.remoteAddress;
16
- if (ip && ip.split(',').length > 0) {
17
- ip = ip.split(',')[0]; // 取第一个IP地址
18
- }
19
- return ip;
20
- };
21
-
22
- /**
23
- * 设置黑名单
24
- * @param {String} ip IP地址
25
- */
26
- function setting_blacklist(ip) {
27
- var cmd;
28
- if (platform == "win32") {
29
- // window 系统
30
- cmd =
31
- `netsh advfirewall firewall add rule name="Blacklist ${ip}" dir=in action=block remoteip="${ip}" protocol=any`
32
- } else {
33
- // linux 系统
34
- cmd = `sudo iptables -A INPUT -s ${ip} -j DROP`;
35
- }
36
-
37
- exec(cmd, (error, stdout, stderr) => {
38
- if (error) {
39
- console.error(`执行的错误: ${error}`);
40
- return;
41
- }
42
- $.log.info(`加入黑名单: ${ip}`);
43
- if (stderr) {
44
- console.error(`标准错误输出: ${stderr}`);
45
- }
46
- });
47
- }
48
-
49
- /**
50
- * IP防火墙
51
- * @param {Object} server 服务
52
- * @param {Object} config 配置参数
53
- */
54
- module.exports = function(server, config) {
55
- var limit = config.request_limit || 0;
56
- var duration = config.request_duration || 0;
57
- var block = config.request_block || false;
58
-
59
- if (limit && duration) {
60
- /* WAF(web防火墙) */
61
- server.use(async (ctx, next) => {
62
- try {
63
- var pass = true;
64
- // 获取IP
65
- var ip = getClientIP(ctx.req);
66
- var num = 1;
67
- var now = new Date();
68
- var date = now.toStr('yyyy-MM-dd');
69
- var time;
70
- var json;
71
- try {
72
- var str = await $.cache.get("ip_" + ip);
73
- if (str) {
74
- if (typeof(str) === "string") {
75
- try {
76
- json = JSON.parse(str);
77
- } catch (jsonError) {
78
- $.log.error('WAF IP中间件JSON解析错误:', jsonError);
79
- json = null;
80
- }
81
- } else {
82
- json = str;
83
- }
84
- if (json) {
85
- try {
86
- if (json.date !== date) {
87
- num = 1;
88
- } else {
89
- // 判断时间间隔是否在范围外
90
- // 安全地处理json.time,无论它是字符串还是对象
91
- if (typeof json.time === 'string') {
92
- // 如果json.time是字符串,尝试解析它
93
- const savedTime = new Date(json.time);
94
- if (!isNaN(savedTime.getTime()) && (now - savedTime) > duration) {
95
- num = 1;
96
- } else {
97
- // 如果是在周期内,访问次数+1,并判断是否超出上限
98
- num = json.num + 1;
99
- if (num > limit) {
100
- // 超出上限禁止访问,并加入黑名单
101
- pass = false;
102
- if (block) {
103
- setting_blacklist(ip);
104
- }
105
- }
106
- }
107
- } else if (json.time && json.time.toTime && typeof json.time.toTime().interval === 'function') {
108
- // 原有逻辑,处理对象类型的时间
109
- if (json.time.toTime().interval(now) > duration) {
110
- num = 1;
111
- } else {
112
- // 如果是在周期内,访问次数+1,并判断是否超出上限
113
- num = json.num + 1;
114
- if (num > limit) {
115
- // 超出上限禁止访问,并加入黑名单
116
- pass = false;
117
- if (block) {
118
- setting_blacklist(ip);
119
- }
120
- }
121
- }
122
- } else {
123
- // 默认情况:如果时间格式不正确,重置计数
124
- num = 1;
125
- }
126
- }
127
- } catch (timeError) {
128
- $.log.error('WAF IP中间件时间处理错误:', timeError);
129
- // 出错时重置计数以保证安全
130
- num = 1;
131
- }
132
- }
133
- }
134
- } catch (cacheError) {
135
- $.log.error('WAF IP中间件缓存操作错误:', cacheError);
136
- // 缓存出错时,默认允许请求通过
137
- }
138
- if (!time) {
139
- time = now.toStr('yyyy-MM-dd hh:mm:ss');
140
- }
141
- if (pass) {
142
- try {
143
- await $.cache.set("ip_" + ip, JSON.stringify({
144
- date,
145
- time,
146
- num
147
- }), duration);
148
- } catch (setCacheError) {
149
- $.log.error('WAF IP中间件缓存设置错误:', setCacheError);
150
- // 缓存设置失败不影响请求处理
151
- }
152
- ctx.request.ip = ip;
153
- ctx.ip = ip;
154
- await next();
155
- } else {
156
- ctx.status = 429;
157
- ctx.body = '请求频率过高,请稍后再试。';
158
- }
159
- } catch (error) {
160
- $.log.error('WAF IP中间件错误:', error);
161
- // 出错时默认允许请求通过
162
- ctx.ip = getClientIP(ctx.req);
163
- await next();
164
- }
165
- });
166
- }
167
- return server;
168
- };
@@ -1,10 +0,0 @@
1
- {
2
- "name": "web_waf_ip",
3
- "title": "IP防火墙",
4
- "description": "用于防止DOS攻击",
5
- "version": "1.0",
6
- "type": "web",
7
- "process_type": "common_before",
8
- "sort": 10,
9
- "state": 0
10
- }
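--- a/package/nodemon.json
+++ b/package/nodemon.json
@@ -1,31 +0,0 @@
-{
-"restartable": "rs",
-"ignore": [
-".git",
-".svn",
-"cache",
-"log",
-"node_modules/**/node_modules",
-"**/cache/**",
-"game/data",
-"**/conf.json",
-"*/static/*/*.json",
-"*/static/*.js"
-],
-"verbose": true,
-"execMap": {
-"": "node",
-"js": "node --harmony"
-},
-"watch": [
-"demo",
-"lib",
-"core",
-"test"
-],
-"env": {
-"NODE_ENV": "development"
-},
-"ext": "js ts json",
-"legacy-watch": false
-}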
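--- a/package/package.txt
+++ b/package/package.txt
@@ -1 +0,0 @@
-mm_check mm_excel mm_expand mm_html mm_koa_proxy mm_logs mm_machine mm_mongodb mm_mqtt mm_mysql mm_redis mm_ret mm_session mm_statics mm_tpl mm_xml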
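--- a/package/rps.bat
+++ b/package/rps.bat
@@ -1,3 +0,0 @@
-@echo off
-loadtest http://localhost:5000/test/helloworld -t 20 -c 10 --keepalive --rps 1000
-pause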
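--- a/package/test.js
+++ b/package/test.js
@@ -1,10 +0,0 @@
-var OS = require("./index.js");
-
-$.sql = $.mysql_admin('sys', __dirname);
-$.sql.config.database = "face";
-$.sql.config.password = "Asd159357";
-$.sql.open();
-
-var os = new OS();
-
-os.run();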
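--- a/package/tps.bat
+++ b/package/tps.bat
@@ -1,3 +0,0 @@
-@echo off
-loadtest -n 10000 -s TLSv1_method http://localhost:5000/ws/tt
-pause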
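--- a/package/update.bat
+++ b/package/update.bat
@@ -1 +0,0 @@
-npm i mm_check mm_excel mm_expand mm_html mm_koa_proxy mm_logs mm_machine mm_mongodb mm_mqtt mm_mysql mm_redis mm_ret mm_session mm_statics mm_tpl mm_xml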