mm_os 3.3.0 → 3.3.1

package/middleware/security_audit/middleware.json

@@ -2,7 +2,7 @@
   "name": "security_audit",
   "title": "综合日志审计系统",
   "type": "security",
-  "status": 1,
+  "state": 1,
   "sort": 20,
   "description": "合并了轻量级HTTP请求日志和安全审计功能的综合日志审计系统",
   "config": {
@@ -17,8 +17,8 @@
       "compress": true
     },
     "database": {
-      "type": "mongodb",
-      "collection": "security_audit_logs"
+      "type": "mysql",
+      "collection": "sys_audit_log"
     },
     "events": {
       "authentication": true,

package/middleware/waf/index.js

@@ -155,10 +155,21 @@ function getClientIP(req) {
  * @returns {Boolean} 是否在白名单中
  */
 function isInWhitelist(ip, config) {
-	// 获取配置中的白名单，如果不存在则使用默认白名单
+	// 优先使用全局IP管理器
+	try {
+		var { is_ip_in_whitelist } = require('../../tools/ip_manager/ip.manager.global.js');
+		if (is_ip_in_whitelist(ip)) {
+			return true;
+		}
+	} catch (error) {
+		// 如果全局IP管理器不可用，使用本地配置
+		$.log.warn('全局IP管理器不可用，使用本地WAF白名单配置');
+	}
+	
+	// 使用本地配置作为备用
 	const whitelist = config && config.ip_whitelist && Array.isArray(config.ip_whitelist)
 		? config.ip_whitelist
-		: ['127.0.0.1', '::1', 'localhost', '192.168.31.5'];
+		: ['127.0.0.1', '::1', 'localhost'];
 	
 	return whitelist.includes(ip);
 }
@@ -188,12 +199,11 @@ module.exports = function(server, config) {
 	// 设置默认配置
 	const defaultConfig = {
 		log: true,
-		ip_whitelist: ['127.0.0.1', '::1', 'localhost', '192.168.31.5'],
+		ip_whitelist: ['127.0.0.1', '::1', 'localhost'],
 		path_whitelist: ['/static', '/favicon.ico', '/api', '/public', '/assets']
 	};
 	
-	// 强制输出初始化日志
-	console.log('WAF MIDDLEWARE INITIALIZED');
+	// WAF中间件已初始化
 	
 	// 获取全局配置中的middleware.waf配置
 	let wafConfig = defaultConfig;
@@ -207,13 +217,13 @@ module.exports = function(server, config) {
 			if (globalConfig.middleware && globalConfig.middleware.waf) {
 				// 安全地合并默认配置和全局配置
 				wafConfig = Object.assign({}, defaultConfig, globalConfig.middleware.waf);
-				console.log('WAF using global config from config.json');
+				// WAF使用config.json中的全局配置
 			} else {
-				console.log('WAF using default config (no middleware.waf in config.json)');
+				// WAF使用默认配置（config.json中无middleware.waf配置）
 			}
 		}
 	} catch (error) {
-		console.error('Error loading global WAF config:', error.message);
+		// 全局WAF配置加载错误已通过日志系统记录
 		// 出错时使用默认配置
 		wafConfig = defaultConfig;
 	}
@@ -228,7 +238,7 @@ module.exports = function(server, config) {
 	
 	// 合并传入的config和全局配置
 	const mergedConfig = { ...wafConfig, ...(config || {}) };
-	console.log('Merged WAF Config:', JSON.stringify(mergedConfig));
+	// 合并后的WAF配置已生效
 	
 	/* WAF（web防火墙） */
 	server.use(async (ctx, next) => {
@@ -243,23 +253,18 @@ module.exports = function(server, config) {
 			// 获取请求路径
 			const path = ctx.path;
 			
-			// 强制输出请求处理日志
-			console.log('WAF PROCESSING REQUEST');
-			console.log('URL:', ctx.url);
-			console.log('Path:', path);
-			console.log('Method:', ctx.method);
-			console.log('IP:', ip);
+			// WAF正在处理请求
 			
 			// 检查IP是否在白名单中，如果是则跳过所有检查
 			if (isInWhitelist(ip, mergedConfig)) {
-				console.log(`WAF: IP ${ip} in whitelist, skipping checks`);
+				// IP在白名单中，跳过安全检查
 				await next();
 				return;
 			}
 			
 			// 检查路径是否在白名单中
 			if (isPathWhitelisted(path, mergedConfig)) {
-				console.log(`WAF: Path ${path} in whitelist, skipping checks`);
+				// 路径在白名单中，跳过安全检查
 				await next();
 				return;
 			}
@@ -268,12 +273,9 @@ module.exports = function(server, config) {
 			var url = ctx.url;
 			
 			// 1. 使用正则表达式检查基本攻击特征
-			console.log('Step 1: Basic attack pattern check');
 			var danger = waf_check(url);
-			console.log('WAF check result:', danger ? danger.toString() : 'safe');
 			if (danger) {
-				console.warn(`BLOCKED ATTACK from IP ${ip}:`, danger.toString());
-				// 阻止攻击请求，返回403禁止访问
+				// 检测到攻击请求，已阻止
 				ctx.status = 403;
 				ctx.body = {
 					code: 403,
@@ -284,13 +286,11 @@ module.exports = function(server, config) {
 			}
 			
 			// 2. 专门检查路径遍历攻击
-			console.log('Step 2: Path traversal check');
 			const hasTraversal = checkPathTraversal(path);
 			const isSafe = isSafePath(path);
-			console.log('Path traversal check results:', { path, hasTraversal, isSafe });
 			
 			if (hasTraversal || !isSafe) {
-				console.warn(`BLOCKED PATH TRAVERSAL from IP ${ip}:`, path);
+				// 检测到路径遍历攻击，已阻止
 				ctx.status = 403;
 				ctx.body = {
 					code: 403,
@@ -300,14 +300,12 @@ module.exports = function(server, config) {
 			}
 			
 			// 3. 检查请求参数中的路径遍历
-			console.log('Step 3: Query parameter traversal check');
 			const queryParams = ctx.query;
 			for (const [key, value] of Object.entries(queryParams)) {
 				if (typeof value === 'string') {
 					const paramHasTraversal = checkPathTraversal(value);
-					console.log('Param check:', { key, value, paramHasTraversal });
 					if (paramHasTraversal) {
-						console.warn(`BLOCKED PARAM TRAVERSAL from IP ${ip}:`, `${key}=${value}`);
+						// 检测到请求参数中的路径遍历攻击，已阻止
 						ctx.status = 403;
 						ctx.body = {
 							code: 403,
@@ -319,13 +317,11 @@ module.exports = function(server, config) {
 			}
 			
 			// 4. 如果是POST请求，检查请求体
-			console.log('Step 4: POST body traversal check');
 			if (ctx.method === 'POST' && ctx.request.body) {
 				const bodyContent = JSON.stringify(ctx.request.body);
 				const bodyHasTraversal = checkPathTraversal(bodyContent);
-				console.log('Body check results:', bodyHasTraversal);
 				if (bodyHasTraversal) {
-					console.warn(`BLOCKED BODY TRAVERSAL from IP ${ip}`);
+					// 检测到请求体中的路径遍历攻击，已阻止
 					ctx.status = 403;
 					ctx.body = {
 						code: 403,
@@ -335,11 +331,10 @@ module.exports = function(server, config) {
 				}
 			}
 			
-			console.log('WAF: All checks passed, continuing request');
 			// 所有检查通过，继续处理请求
 			await next();
 		} catch (error) {
-			console.error('WAF MIDDLEWARE ERROR:', error);
+			// WAF中间件错误已通过日志系统记录
 			// 出错时默认允许请求继续处理
 			await next();
 		}

package/middleware/waf_ddos/index.js

@@ -24,7 +24,7 @@ class Middleware {
 				// 时间窗口(毫秒)
 				window_ms: 60000,
 				// 每个IP在时间窗口内的最大请求数
-				max_requests: 100,
+				max_requests: 500,
 				// 是否启用
 				enable: true
 			},
@@ -33,7 +33,7 @@ class Middleware {
 				// 时间窗口(毫秒)
 				window_ms: 60000,
 				// 每个IP对每个路径在时间窗口内的最大请求数
-				max_requests: 50,
+				max_requests: 250,
 				// 是否启用
 				enable: true
 			},

package/middleware/waf_ddos/middleware.json

@@ -2,7 +2,7 @@
   "name": "waf_ddos",
   "title": "综合流量控制与DDOS攻击防护中间件",
   "type": "web_before",
-  "status": 1,
+  "state": 1,
   "sort": 12,
   "desc": "提供DDOS攻击防护和速率限制，包括IP限流、路径限流、连接控制和IP封禁功能",
   "config": {
@@ -10,12 +10,12 @@
     "storage": "memory",
     "ip_rate_limit": {
       "window_ms": 60000,
-      "max_requests": 100,
+      "max_requests": 500,
       "enable": true
     },
     "path_rate_limit": {
       "window_ms": 60000,
-      "max_requests": 50,
+      "max_requests": 250,
       "enable": true
     },
     "connection_limit": {

package/middleware/waf_xss/index.js

@@ -241,7 +241,7 @@ class Middleware {
         ctx.set('X-XSS-Protection', '1; mode=block');
         
         // Content-Security-Policy 头
-        ctx.set('Content-Security-Policy', "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;");
+		ctx.set('Content-Security-Policy', "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;");
     }
 }
 

package/middleware/waf_xss/middleware.json

@@ -2,7 +2,7 @@
   "name": "waf_xss",
   "title": "XSS攻击防护中间件",
   "type": "web_before",
-  "status": 1,
+  "state": 1,
   "sort": 10,
   "desc": "提供全面的XSS攻击防护，包括输入过滤和安全响应头设置",
   "config": {

package/middleware/web_after/middleware.json

@@ -5,5 +5,6 @@
 	"version": "1.0",
 	"type": "web",
 	"process_type": "common_before",
-	"sort": 150
+	"sort": 150,
+	"state": 1
 }

package/middleware/web_base/middleware.json

@@ -5,5 +5,6 @@
 	"version": "1.0",
 	"type": "web",
 	"process_type": "common_before",
-	"sort": 70
+	"sort": 70,
+	"state": 1
 }

package/middleware/web_before/middleware.json

@@ -5,5 +5,6 @@
 	"version": "1.0",
 	"type": "web",
 	"process_type": "common_before",
-	"sort": 80
+	"sort": 80,
+	"state": 1
 }

package/middleware/web_check/middleware.json

@@ -5,5 +5,6 @@
 	"version": "1.0",
 	"type": "web",
 	"process_type": "common_before",
-	"sort": 90
+	"sort": 90,
+	"state": 1
 }

package/middleware/web_main/middleware.json

@@ -5,5 +5,6 @@
 	"version": "1.0",
 	"type": "web",
 	"process_type": "common_before",
-	"sort": 100
+	"sort": 100,
+	"state": 1
 }

package/middleware/web_proxy/middleware.json

@@ -5,5 +5,6 @@
 	"version": "1.0",
 	"type": "web",
 	"process_type": "worker",
-	"sort": 110
+	"sort": 110,
+	"state": 1
 }

package/middleware/web_render/middleware.json

@@ -5,5 +5,6 @@
 	"version": "1.0",
 	"type": "web",
 	"process_type": "common_before",
-	"sort": 120
+	"sort": 120,
+	"state": 1
 }

package/middleware/web_socket/middleware.json

@@ -5,5 +5,6 @@
 	"version": "1.0",
 	"type": "web",
 	"process_type": "master",
-	"sort": 130
+	"sort": 130,
+	"state": 1
 }

package/middleware/web_static/middleware.json

@@ -5,5 +5,6 @@
 	"version": "1.0",
 	"type": "web",
 	"process_type": "worker",
-	"sort": 140
+	"sort": 140,
+	"state": 1
 }

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "mm_os",
-	"version": "3.3.0",
+	"version": "3.3.1",
 	"description": "这是超级美眉服务端框架，用于快速构建应用程序。",
 	"main": "index.js",
 	"scripts": {
@@ -41,23 +41,25 @@
 	],
 	"dependencies": {
 		"compressing": "^2.0.0",
-		"koa": "^3.0.1",
-		"koa-body": "^6.0.1",
+		"js-beautify": "^1.15.4",
+		"koa": "^3.1.1",
+		"koa-body": "^7.0.0",
 		"koa-compress": "^5.1.1",
 		"koa-send": "^5.0.1",
 		"koa-websocket": "^7.0.0",
 		"mm_check": "^1.5.0",
-		"mm_email": "^1.0.3",
+		"mm_email": "^1.0.5",
 		"mm_excel": "^1.2.2",
-		"mm_expand": "^1.8.3",
+		"mm_expand": "^1.8.8",
 		"mm_html": "^1.1.7",
+		"mm_https": "^1.6.3",
 		"mm_koa_proxy": "^1.0.1",
-		"mm_logs": "^1.2.0",
-		"mm_machine": "^2.0.1",
-		"mm_mongodb": "^1.4.4",
+		"mm_logs": "^1.5.3",
+		"mm_machine": "^2.0.5",
+		"mm_mongodb": "^1.5.0",
 		"mm_mqtt": "^1.0.7",
-		"mm_mysql": "^2.0.2",
-		"mm_redis": "^1.4.2",
+		"mm_mysql": "^2.1.0",
+		"mm_redis": "^2.0.2",
 		"mm_ret": "^1.4.1",
 		"mm_session": "^1.5.0",
 		"mm_statics": "^1.5.1",
@@ -66,4 +68,4 @@
 		"mosca": "^2.8.3",
 		"mqtt": "^5.14.1"
 	}
-}
+}

package/middleware/performance/index.js

@@ -1,151 +0,0 @@
-/**
- * 请求性能监控中间件
- * 记录请求响应时间，监控慢请求，提供性能数据收集
- */
-module.exports = function(server, config) {
-	if (config.web && !config.web.performance) {
-		return server;
-	}
-
-	// 默认配置
-	const cg = Object.assign({
-		slowThreshold: 1000, // 慢请求阈值，单位毫秒
-		enableMetrics: true, // 是否启用性能指标收集
-		ignorePaths: [] // 忽略监控的路径
-	}, config);
-
-	// 性能监控数据收集器
-	const performanceData = {
-		counters: new Map(), // 请求计数器
-		responseTimes: new Map(), // 响应时间数据
-		slowRequests: [] // 慢请求记录
-	};
-
-	// 全局性能监控对象
-	$.performanceMonitor = {
-		record: function(path, responseTime) {
-			if (!cg.enableMetrics) return;
-
-			// 更新请求计数
-			if (!performanceData.counters.has(path)) {
-				performanceData.counters.set(path, 1);
-				performanceData.responseTimes.set(path, {
-					sum: responseTime,
-					count: 1,
-					min: responseTime,
-					max: responseTime
-				});
-			} else {
-				performanceData.counters.set(path, performanceData.counters.get(path) + 1);
-				const stats = performanceData.responseTimes.get(path);
-				stats.sum += responseTime;
-				stats.count += 1;
-				stats.min = Math.min(stats.min, responseTime);
-				stats.max = Math.max(stats.max, responseTime);
-			}
-
-			// 记录慢请求
-			if (responseTime > cg.slowThreshold) {
-				performanceData.slowRequests.push({
-					path: path,
-					time: new Date(),
-					responseTime: responseTime
-				});
-				// 限制慢请求记录数量
-				if (performanceData.slowRequests.length > 1000) {
-					performanceData.slowRequests.shift();
-				}
-			}
-		},
-
-		getStats: function() {
-			const result = {};
-			performanceData.counters.forEach((count, path) => {
-				const times = performanceData.responseTimes.get(path);
-				result[path] = {
-					count: count,
-					avg: times.sum / times.count,
-					min: times.min,
-					max: times.max
-				};
-			});
-			return result;
-		},
-
-		getSlowRequests: function(limit = 100) {
-			return performanceData.slowRequests.slice(-limit);
-		},
-
-		reset: function() {
-			performanceData.counters.clear();
-			performanceData.responseTimes.clear();
-			performanceData.slowRequests = [];
-		}
-	};
-
-	// 性能监控中间件
-	server.use(async (ctx, next) => {
-		// 检查是否需要忽略此路径
-		const shouldIgnore = cg.ignorePaths.some(pattern => {
-			if (typeof pattern === 'string') {
-				return ctx.path === pattern;
-			} else if (pattern instanceof RegExp) {
-				return pattern.test(ctx.path);
-			}
-			return false;
-		});
-
-		if (shouldIgnore) {
-			await next();
-			return;
-		}
-
-		const start = Date.now();
-		const startTime = process.hrtime();
-
-		try {
-			await next();
-		} finally {
-			const ms = Date.now() - start;
-			const [seconds, nanoseconds] = process.hrtime(startTime);
-			const executionTime = seconds * 1000 + nanoseconds / 1000000;
-
-			// 设置响应时间头
-			ctx.set('X-Response-Time', `${ms}ms`);
-
-			// 记录性能数据
-			$.performanceMonitor.record(ctx.path, ms);
-
-			// 慢请求报警
-			if (ms > cg.slowThreshold) {
-				const clientIP = ctx.headers['x-forwarded-for'] || ctx.ip;
-				$.log.warn(`【慢请求】 ${ctx.method} ${ctx.path} - ${ms}ms - ${clientIP}`);
-
-				// 如果是非常慢的请求（超过阈值的2倍），记录更多信息
-				if (ms > cg.slowThreshold * 2) {
-					const userAgent = ctx.headers['user-agent'] || 'unknown';
-					let requestData = '';
-					try {
-						if (ctx.method !== 'GET' && ctx.request.body) {
-							const bodyStr = JSON.stringify(ctx.request.body);
-							// 限制记录的请求体大小
-							requestData = bodyStr.length > 1024 ? bodyStr.substring(0, 1024) + '...' :
-								bodyStr;
-						}
-					} catch (e) {
-						requestData = '[无法序列化请求体]';
-					}
-
-					$.log.warn(
-						`【慢请求详情】路径: ${ctx.path}, 方法: ${ctx.method}, 耗时: ${ms}ms, IP: ${clientIP}, UA: ${userAgent.substring(0, 200)}`
-						);
-					if (requestData) {
-						$.log.warn(`【慢请求数据】${requestData}`);
-					}
-				}
-			}
-		}
-	});
-
-	return server;
-};

package/middleware/performance/middleware.json

@@ -1,16 +0,0 @@
-{
-  "name": "performance",
-  "title": "性能监控",
-  "description": "记录请求响应时间，监控慢请求，提供性能数据收集",
-  "mode": "web",
-  "priority": 10,
-  "config": {
-    "slowThreshold": 1000,
-    "enableMetrics": true,
-    "ignorePaths": [
-      "/favicon.ico",
-      "/robots.txt",
-      "/static/"
-    ]
-  }
-}