npm - mm_os - Versions diffs - 3.3.0 → 4.0.0 - Mend

mm_os 3.3.0 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (380) hide show

package/LICENSE +21 -201
package/README.md +491 -99
package/README_EN.md +498 -0
package/adapter/adapter.js +431 -0
package/adapter/custom_persistence.js +660 -0
package/adapter/mqtt.js +273 -0
package/adapter/socket.js +113 -0
package/adapter/web.js +67 -0
package/adapter/websocket.js +146 -0
package/com/api/com.json +5 -0
package/{core/com → com}/api/config.tpl.json +8 -8
package/com/api/drive.js +708 -0
package/com/api/index.js +198 -0
package/com/api/oauth.js +200 -0
package/com/api/script.tpl.js +32 -0
package/com/cmd/README.md +11 -0
package/com/cmd/com.json +5 -0
package/com/cmd/config.tpl.json +122 -0
package/com/cmd/drive.js +1548 -0
package/com/cmd/index.js +1066 -0
package/com/cmd/msg.json +48 -0
package/com/cmd/nlp.js +525 -0
package/com/cmd/script.tpl.js +32 -0
package/com/db/com.json +5 -0
package/com/db/drive.js +1999 -0
package/com/db/index.js +242 -0
package/com/event/com.json +5 -0
package/{core/com → com}/event/config.tpl.json +8 -8
package/com/event/drive.js +59 -0
package/com/event/index.js +409 -0
package/com/event/script.tpl.js +23 -0
package/com/mqtt/com.json +5 -0
package/{core/com → com}/mqtt/config.tpl.json +3 -5
package/com/mqtt/drive.js +676 -0
package/com/mqtt/index.js +822 -0
package/com/mqtt/mm_mqtt.js +425 -0
package/com/mqtt/script.tpl.js +723 -0
package/com/nav/com.json +5 -0
package/com/nav/config.tpl.json +84 -0
package/com/nav/drive.js +702 -0
package/com/nav/index.js +231 -0
package/{core/com → com}/nav/tpl/admin_pc/page_config.vue +280 -280
package/{core/com → com}/nav/tpl/admin_pc/page_config_form.vue +194 -194
package/com/nav/tpl/admin_pc/page_form.vue +180 -0
package/com/nav/tpl/admin_pc/page_view.vue +124 -0
package/com/nav/tpl/dev_pc/page_default.vue +247 -0
package/com/nav/tpl/dev_pc/page_type.vue +313 -0
package/com/nav/tpl/home_pc/page_default.vue +234 -0
package/com/nav/tpl/home_pc/page_form.vue +137 -0
package/com/nav/tpl/home_pc/page_list.vue +234 -0
package/com/nav/tpl/home_pc/page_nav.vue +221 -0
package/com/nav/tpl/home_pc/page_type.vue +234 -0
package/com/nav/tpl/home_pc/page_view.vue +125 -0
package/com/nav/tpl/home_phone/page_channel.vue +234 -0
package/com/nav/tpl/home_phone/page_default.vue +234 -0
package/com/nav/tpl/home_phone/page_form.vue +137 -0
package/com/nav/tpl/home_phone/page_nav.vue +237 -0
package/com/nav/tpl/home_phone/page_type.vue +234 -0
package/com/nav/tpl/home_phone/page_view.vue +125 -0
package/com/nav/viewmodel.js +446 -0
package/com/param/com.json +5 -0
package/{core/com → com}/param/config.tpl.json +7 -1
package/com/param/drive.js +502 -0
package/com/param/index.js +155 -0
package/com/param/script.tpl.js +12 -0
package/com/pendant/com.json +5 -0
package/{core/com/component → com/pendant}/config.tpl.json +15 -13
package/com/pendant/drive.js +204 -0
package/com/pendant/index.js +441 -0
package/com/pendant/pendant.html +16 -0
package/com/pendant/script.tpl.js +18 -0
package/com/socket/com.json +5 -0
package/com/socket/config.tpl.json +12 -0
package/com/socket/drive.js +651 -0
package/com/socket/index.js +351 -0
package/com/socket/script.tpl.js +41 -0
package/com/sql/com.json +5 -0
package/{core/com → com}/sql/config.tpl.json +13 -9
package/com/sql/drive.js +1259 -0
package/com/sql/index.js +150 -0
package/com/sql/script.tpl.js +47 -0
package/com/static/com.json +5 -0
package/{core/com → com}/static/config.tpl.json +10 -6
package/com/static/drive.js +194 -0
package/com/static/index.js +226 -0
package/com/static/script.tpl.js +28 -0
package/com/task/com.json +5 -0
package/{core/com → com}/task/config.tpl.json +4 -6
package/com/task/drive.js +405 -0
package/com/task/index.js +148 -0
package/com/task/script.tpl.js +37 -0
package/com/template/com.json +5 -0
package/com/template/config.tpl.json +16 -0
package/com/template/drive.js +80 -0
package/com/template/index.js +141 -0
package/com.js +156 -0
package/common/README.md +2 -0
package/common/handler/msg/handler.json +22 -0
package/common/handler/msg/index.js +23 -0
package/common/handler/player/handler.json +22 -0
package/common/handler/player/index.js +287 -0
package/common/handler/user/handler.json +22 -0
package/common/handler/user/index.js +23 -0
package/common/middleware/web_after/index.js +29 -0
package/common/middleware/web_after/middleware.json +9 -0
package/common/middleware/web_base/index.js +113 -0
package/common/middleware/web_base/middleware.json +19 -0
package/common/middleware/web_before/index.js +33 -0
package/common/middleware/web_before/middleware.json +9 -0
package/common/middleware/web_cors/index.js +87 -0
package/common/middleware/web_cors/middleware.json +24 -0
package/common/middleware/web_error/index.js +119 -0
package/common/middleware/web_error/middleware.json +18 -0
package/common/middleware/web_ip/index.js +15 -0
package/common/middleware/web_ip/middleware.json +14 -0
package/common/middleware/web_logger/index.js +156 -0
package/common/middleware/web_logger/middleware.json +14 -0
package/common/middleware/web_main/index.js +24 -0
package/common/middleware/web_main/middleware.json +9 -0
package/common/middleware/web_static/index.js +73 -0
package/common/middleware/web_static/middleware.json +54 -0
package/common/middleware/web_waf/index.js +385 -0
package/common/middleware/web_waf/middleware.json +13 -0
package/common/model/msg/index.js +88 -0
package/common/model/msg/model.json +401 -0
package/common/model/player/index.js +63 -0
package/common/model/player/model.json +185 -0
package/common/model/user/index.js +11 -0
package/common/model/user/model.json +219 -0
package/core/app/config.tpl.json +67 -0
package/core/app/index.js +632 -0
package/core/app/script.tpl.js +52 -0
package/core/channel/index.js +899 -0
package/core/channel/matcher.js +585 -0
package/core/com/config.tpl.json +16 -0
package/core/com/index.js +74 -0
package/core/com/script.tpl.js +5 -0
package/core/component/component.js +42 -0
package/core/component/config.tpl.json +63 -0
package/core/component/index.js +273 -0
package/core/component/script.tpl.js +19 -0
package/core/controller/config.tpl.json +14 -0
package/core/controller/index.js +373 -0
package/core/controller/script.tpl.js +27 -0
package/core/factory/config.tpl.json +14 -0
package/core/factory/entity.js +275 -0
package/core/factory/index.js +241 -0
package/core/factory/script.tpl.js +16 -0
package/core/game/bat/index.js +137 -0
package/core/game/bat/world.js +622 -0
package/core/game/config.tpl.json +16 -0
package/core/game/entity_admin.js +230 -0
package/core/game/index.js +186 -0
package/core/handler/config.tpl.json +22 -0
package/core/handler/index.js +181 -0
package/core/handler/script.tpl.js +23 -0
package/core/logic/config.tpl.json +14 -0
package/core/logic/index.js +59 -0
package/core/logic/script.tpl.js +19 -0
package/core/middleware/config.tpl.json +16 -0
package/core/middleware/index.js +125 -0
package/core/middleware/script.tpl.js +37 -0
package/core/mod/config.tpl.json +22 -0
package/core/mod/index.js +130 -0
package/core/mod/script.tpl.js +34 -0
package/core/model/config.tpl.json +219 -0
package/core/model/index.js +272 -0
package/core/model/model.js +27 -0
package/core/model/script.tpl.js +20 -0
package/core/notifier/config.tpl.json +14 -0
package/core/notifier/index.js +77 -0
package/core/notifier/script.tpl.js +20 -0
package/core/plugin/config.tpl.json +24 -0
package/core/plugin/index.js +232 -0
package/core/plugin/script.tpl.js +51 -0
package/core/pusher/config.tpl.json +14 -0
package/core/pusher/index.js +161 -0
package/core/pusher/script.tpl.js +20 -0
package/core/room/bat/index.js +170 -0
package/core/room/bat/room.js +524 -0
package/core/room/config.tpl.json +20 -0
package/core/room/index.js +249 -0
package/core/room/room.js +61 -0
package/core/scene/config.tpl.json +14 -0
package/core/scene/index.js +466 -0
package/core/scene/loop.js +1255 -0
package/core/scene/map.js +28 -0
package/core/scene/script.tpl.js +22 -0
package/core/sender/config.tpl.json +14 -0
package/core/sender/index.js +79 -0
package/core/sender/script.tpl.js +20 -0
package/core/service/config.tpl.json +14 -0
package/core/service/index.js +100 -0
package/core/service/script.tpl.js +25 -0
package/core/store/config.tpl.json +26 -0
package/core/store/index.js +1755 -0
package/core/store/script.tpl.js +22 -0
package/core/store/sql.js +1464 -0
package/core/system/config.tpl.json +18 -0
package/core/system/index.js +312 -0
package/core/system/script.tpl.js +77 -0
package/core/view/config.tpl.json +14 -0
package/core/view/index.js +91 -0
package/core/view/script.tpl.js +20 -0
package/core/zone/bat/index.js +725 -0
package/core/zone/config.tpl.json +54 -0
package/core/zone/index.js +614 -0
package/core/zone/script.tpl.js +10 -0
package/core/zone/zone_bat.js +136 -0
package/core//345/237/272/347/261/273/346/250/241/345/235/227/346/270/205/345/215/225.md +24 -0
package/index.js +17 -314
package/os.js +57 -0
package/package.json +60 -58
package/server.js +598 -0
package/README.en.md +0 -36
package/conf.json +0 -3
package/core/base/mqtt/index.js +0 -1107
package/core/base/mqtt/lib.js +0 -40
package/core/base/web/index.js +0 -243
package/core/com/api/com.json +0 -4
package/core/com/api/drive.js +0 -668
package/core/com/api/index.js +0 -108
package/core/com/api/oauth.js +0 -158
package/core/com/api/script.js +0 -32
package/core/com/app/README.md +0 -3
package/core/com/app/com.json +0 -4
package/core/com/app/config.tpl.json +0 -16
package/core/com/app/drive.js +0 -309
package/core/com/app/index.js +0 -211
package/core/com/app/script.js +0 -155
package/core/com/cmd/com.json +0 -4
package/core/com/cmd/config.tpl.json +0 -66
package/core/com/cmd/drive.js +0 -513
package/core/com/cmd/index.js +0 -354
package/core/com/cmd/old/5w2h.js +0 -54
package/core/com/cmd/old/drive.js +0 -423
package/core/com/cmd/script.js +0 -11
package/core/com/component/README.md +0 -3
package/core/com/component/com.json +0 -4
package/core/com/component/component.html +0 -16
package/core/com/component/drive.js +0 -197
package/core/com/component/index.js +0 -312
package/core/com/component/script.js +0 -18
package/core/com/db/com.json +0 -4
package/core/com/db/drive.js +0 -1160
package/core/com/db/index.js +0 -176
package/core/com/event/com.json +0 -4
package/core/com/event/drive.js +0 -133
package/core/com/event/index.js +0 -345
package/core/com/event/script.js +0 -26
package/core/com/eventer/com.js +0 -477
package/core/com/eventer/com.json +0 -4
package/core/com/middleware/com.js +0 -153
package/core/com/middleware/com.json +0 -4
package/core/com/middleware/config.tpl.json +0 -8
package/core/com/middleware/script.js +0 -9
package/core/com/mqtt/com.json +0 -4
package/core/com/mqtt/drive.js +0 -600
package/core/com/mqtt/index.js +0 -572
package/core/com/mqtt/mm_mqtt.js +0 -330
package/core/com/mqtt/script.js +0 -604
package/core/com/msg/com.js +0 -296
package/core/com/msg/com.json +0 -4
package/core/com/nav/com.json +0 -4
package/core/com/nav/config.tpl.json +0 -75
package/core/com/nav/drive.js +0 -549
package/core/com/nav/index.js +0 -182
package/core/com/nav/tpl/admin_pc/page_form.vue +0 -180
package/core/com/nav/tpl/admin_pc/page_view.vue +0 -124
package/core/com/nav/tpl/dev_pc/page_default.vue +0 -247
package/core/com/nav/tpl/dev_pc/page_type.vue +0 -313
package/core/com/nav/tpl/home_pc/page_default.vue +0 -234
package/core/com/nav/tpl/home_pc/page_form.vue +0 -137
package/core/com/nav/tpl/home_pc/page_list.vue +0 -234
package/core/com/nav/tpl/home_pc/page_nav.vue +0 -221
package/core/com/nav/tpl/home_pc/page_type.vue +0 -234
package/core/com/nav/tpl/home_pc/page_view.vue +0 -125
package/core/com/nav/tpl/home_phone/page_channel.vue +0 -234
package/core/com/nav/tpl/home_phone/page_default.vue +0 -234
package/core/com/nav/tpl/home_phone/page_form.vue +0 -137
package/core/com/nav/tpl/home_phone/page_nav.vue +0 -237
package/core/com/nav/tpl/home_phone/page_type.vue +0 -234
package/core/com/nav/tpl/home_phone/page_view.vue +0 -125
package/core/com/nav/viewmodel.js +0 -296
package/core/com/param/drive.js +0 -366
package/core/com/param/index.js +0 -80
package/core/com/param/script.js +0 -12
package/core/com/param/test.js +0 -98
package/core/com/plugin/README.md +0 -3
package/core/com/plugin/com.json +0 -4
package/core/com/plugin/config.tpl.json +0 -26
package/core/com/plugin/drive.js +0 -536
package/core/com/plugin/index.js +0 -259
package/core/com/plugin/script.js +0 -213
package/core/com/rpc/com.json +0 -4
package/core/com/rpc/drive.js +0 -160
package/core/com/rpc/index.js +0 -87
package/core/com/rpc/rpc.js +0 -118
package/core/com/socket/com.json +0 -4
package/core/com/socket/config.tpl.json +0 -14
package/core/com/socket/drive.js +0 -403
package/core/com/socket/index.js +0 -62
package/core/com/socket/script.js +0 -42
package/core/com/sql/drive.js +0 -1087
package/core/com/sql/index.js +0 -83
package/core/com/sql/script.js +0 -48
package/core/com/static/com.json +0 -4
package/core/com/static/drive.js +0 -220
package/core/com/static/index.js +0 -149
package/core/com/static/script.js +0 -28
package/core/com/task/com.json +0 -4
package/core/com/task/drive.js +0 -403
package/core/com/task/index.js +0 -110
package/core/com/task/script.js +0 -37
package/core/com/timer/com.js +0 -217
package/core/com/timer/com.json +0 -4
package/core/com/tpl/com.js +0 -19
package/core/com/tpl/com.json +0 -4
package/lib/actions.js +0 -50
package/lib/base.js +0 -361
package/lib/com.js +0 -29
package/lib/ref.js +0 -121
package/middleware/mqtt_base/index.js +0 -10
package/middleware/mqtt_base/middleware.json +0 -10
package/middleware/performance/index.js +0 -151
package/middleware/performance/middleware.json +0 -16
package/middleware/security_audit/index.js +0 -549
package/middleware/security_audit/middleware.json +0 -48
package/middleware/security_headers/index.js +0 -487
package/middleware/security_headers/middleware.json +0 -45
package/middleware/waf/index.js +0 -348
package/middleware/waf/middleware.json +0 -10
package/middleware/waf_ddos/index.js +0 -520
package/middleware/waf_ddos/middleware.json +0 -38
package/middleware/waf_ip/index.js +0 -379
package/middleware/waf_ip/middleware.json +0 -49
package/middleware/waf_xss/index.js +0 -269
package/middleware/waf_xss/middleware.json +0 -18
package/middleware/web_after/index.js +0 -33
package/middleware/web_after/middleware.json +0 -9
package/middleware/web_base/index.js +0 -90
package/middleware/web_base/middleware.json +0 -9
package/middleware/web_before/index.js +0 -27
package/middleware/web_before/middleware.json +0 -9
package/middleware/web_check/index.js +0 -28
package/middleware/web_check/middleware.json +0 -9
package/middleware/web_main/index.js +0 -28
package/middleware/web_main/middleware.json +0 -9
package/middleware/web_proxy/index.js +0 -37
package/middleware/web_proxy/middleware.json +0 -9
package/middleware/web_render/index.js +0 -87
package/middleware/web_render/middleware.json +0 -9
package/middleware/web_socket/index.js +0 -34
package/middleware/web_socket/middleware.json +0 -9
package/middleware/web_static/index.js +0 -115
package/middleware/web_static/middleware.json +0 -9
/package/{core/com → com}/api/README.md +0 -0
/package/{core/com → com}/db/README.md +0 -0
/package/{core/com → com}/event/README.md +0 -0
/package/{core/com → com}/mqtt/README.md +0 -0
/package/{core/com → com}/nav/README.md +0 -0
/package/{core/com → com}/nav/tpl/admin_pc/page_channel.vue +0 -0
/package/{core/com → com}/nav/tpl/admin_pc/page_default.vue +0 -0
/package/{core/com → com}/nav/tpl/admin_pc/page_lang.vue +0 -0
/package/{core/com → com}/nav/tpl/admin_pc/page_nav.vue +0 -0
/package/{core/com → com}/nav/tpl/admin_pc/page_table.vue +0 -0
/package/{core/com → com}/nav/tpl/admin_pc/page_type.vue +0 -0
/package/{core/com → com}/nav/tpl/dev_pc/page_channel.vue +0 -0
/package/{core/com → com}/nav/tpl/dev_pc/page_config.vue +0 -0
/package/{core/com → com}/nav/tpl/dev_pc/page_form.vue +0 -0
/package/{core/com → com}/nav/tpl/dev_pc/page_nav.vue +0 -0
/package/{core/com → com}/nav/tpl/dev_pc/page_table.vue +0 -0
/package/{core/com → com}/nav/tpl/home_pc/page_channel.vue +0 -0
/package/{core/com → com}/nav/tpl/home_phone/page_list.vue +0 -0
/package/{core/com → com}/param/README.md +0 -0
/package/{core/com/cmd → com/pendant}/README.md +0 -0
/package/{core/com → com}/socket/README.md +0 -0
/package/{core/com → com}/sql/README.md +0 -0
/package/{core/com → com}/static/README.md +0 -0
/package/{core/com → com}/task/README.md +0 -0

package/middleware/waf/index.js DELETED Viewed

@@ -1,348 +0,0 @@
-/**
- * 使用正则表达式，检测字符串是否含有攻击特征，检测到攻击特征返回true，没检测到返回false
- * @param {String} url 网址
- */
-function waf_check(url) {
-	// 基本防御
-	var rule = [
-		/select.+(from|limit)/i,
-		/(?:(union(.*?)select))/i,
-		/sleep\((\s*)(\d*)(\s*)\)/i,
-		/group\s+by.+\(/i,
-		/(?:from\W+information_schema\W)/i,
-		/(?:(?:current_)user|database|schema|connection_id)\s*\(/i,
-		/\s*or\s+.*=.*/i,
-		/order\s+by\s+.*--$/i,
-		/benchmark\((.*)\,(.*)\)/i,
-		/base64_decode\(/i,
-		/(?:(?:current_)user|database|version|schema|connection_id)\s*\(/i,
-		/(?:etc\/\W*passwd)/i,
-		/into(\s+)+(?:dump|out)file\s*/i,
-		/xwork.MethodAccessor/i,
-		/(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\(/i,
-		/\<(iframe|script|body|img|layer|div|meta|style|base|object|input)/i,
-		/(onmouseover|onmousemove|onerror|onload)\=/i,
-		/javascript:/i,
-		// 增强的路径遍历检测规则
-		/\.\.\//i,              // 基础 ../
-		/\.\.\\/i,             // Windows格式 ..\
-		/\%2e\%2e\//i,          // URL编码 ../
-		/\%2e%2e\//i,           // URL编码 ../
-		/\%252e%252e%2f/i,       // 双重URL编码 ../
-		/\%252e\%252e\%2f/i,    // 双重URL编码 ../
-		/\.\%2e\//i,           // 混合编码
-		/\%2e\./i,              // 变体形式
-		/\%5c/i,                 // 反斜杠URL编码
-		/\%255c/i,               // 反斜杠双重URL编码
-		// 系统文件路径检测
-		/(?:\/etc|\/proc|\/sys|\/dev|C:\\Windows|C:\\winnt|C:\\Program Files)/i,
-		// 命令注入检测
-		/\|\|.*(?:ls|pwd|whoami|ll|ifconfog|ipconfig|&&|chmod|cd|mkdir|rmdir|cp|mv)/i,
-		/(?:ls|pwd|whoami|ll|ifconfog|ipconfig|&&|chmod|cd|mkdir|rmdir|cp|mv).*\|\|/i,
-		/(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\:\//i
-	];
-	for (var i = 0; i < rule.length; i++) {
-		if (rule[i].test(url) == true) {
-			return rule[i];
-		}
-	}
-	return null;
-}
-/**
- * 检查路径是否包含路径遍历攻击
- * @param {String} path 路径
- * @returns {Boolean} 是否包含路径遍历
- */
-function checkPathTraversal(path) {
-	// 规范化路径以处理各种编码
-	let normalizedPath = path;
-	// 处理URL编码变体
-	const urlDecoded = decodeURIComponent(path);
-	const doubleUrlDecoded = decodeURIComponent(urlDecoded);
-	// 检查路径是否包含危险模式
-	const dangerousPatterns = [
-		'../', '../../', '../../../', // Unix/Linux格式
-		'..\\', '..\\\\', '..\\\\\\', // Windows格式
-		'/%2e%2e/', '/%2e%2e%2f', // URL编码变体
-		'\\%2e%2e\\', '\\%2e%2e\\\\' // Windows URL编码变体
-	];
-	// 检查系统关键文件路径（绝对路径攻击）
-	const systemPaths = [
-		'/etc/passwd', '/etc/shadow', '/etc/group', '/etc/hosts',
-		'/proc/', '/sys/', '/dev/', '/bin/', '/usr/bin/',
-		'C:\\Windows\\', 'C:\\winnt\\', 'C:\\Program Files\\'
-	];
-	// 检查原始路径、单次解码和双重解码后的路径
-	// 1. 检查相对路径遍历模式
-	const hasTraversalPattern = dangerousPatterns.some(pattern =>
-		path.includes(pattern) ||
-		urlDecoded.includes(pattern) ||
-		doubleUrlDecoded.includes(pattern)
-	);
-	// 2. 检查绝对路径攻击（包含系统关键文件路径）
-	const hasAbsoluteAttack = systemPaths.some(systemPath =>
-		path.toLowerCase().includes(systemPath.toLowerCase()) ||
-		urlDecoded.toLowerCase().includes(systemPath.toLowerCase()) ||
-		doubleUrlDecoded.toLowerCase().includes(systemPath.toLowerCase())
-	);
-	// 3. 检查是否以/开头的绝对路径（排除正常的网站路径）
-	const startsWithSlash = path.startsWith('/') &&
-		!path.startsWith('/api') &&
-		!path.startsWith('/static') &&
-		!path.startsWith('/public') &&
-		!path.startsWith('/assets') &&
-		!path.startsWith('/favicon.ico') &&
-		!path.startsWith('/robots.txt');
-	// 4. 检查是否包含敏感的系统文件扩展名
-	const hasSensitiveExtension = /\.(conf|ini|log|env|git|svn|htpasswd|htaccess|bashrc|bash_history|ssh|key|pem|cer|crt|pfx|p12)$/i.test(path) ||
-		/\.(conf|ini|log|env|git|svn|htpasswd|htaccess|bashrc|bash_history|ssh|key|pem|cer|crt|pfx|p12)$/i.test(urlDecoded) ||
-		/\.(conf|ini|log|env|git|svn|htpasswd|htaccess|bashrc|bash_history|ssh|key|pem|cer|crt|pfx|p12)$/i.test(doubleUrlDecoded);
-	return hasTraversalPattern || hasAbsoluteAttack || startsWithSlash || hasSensitiveExtension;
-}
-/**
- * 检查请求路径是否规范化，防止路径遍历攻击
- * @param {String} path 请求路径
- * @returns {Boolean} 是否为安全路径
- */
-function isSafePath(path) {
-	// 特殊处理根路径，直接返回安全
-	if (path === '/') {
-		return true;
-	}
-	// 获取规范化的路径
-	const normalizedPath = path.split('/')
-		.filter(segment => segment !== '')
-		.reduce((acc, segment) => {
-			// 防止路径回溯
-			if (segment === '..') {
-				acc.pop();
-			} else if (segment !== '.') {
-				acc.push(segment);
-			}
-			return acc;
-		}, [])
-		.join('/');
-	// 重新构建规范化的完整路径
-	const safePath = '/' + normalizedPath;
-	// 检查规范化后的路径长度是否小于原始路径（表示存在路径回溯）
-	return safePath.length >= path.length - 2; // 允许末尾的 '/' 差异
-}
-function getClientIP(req) {
-	return req.headers['x-forwarded-for'] || req.headers['X-Forwarded-For'] ||
-		req.connection.remoteAddress ||
-		req.socket.remoteAddress ||
-		req.connection.socket.remoteAddress;
-};
-/**
- * 检查IP是否在白名单中
- * @param {String} ip IP地址
- * @param {Object} config WAF配置
- * @returns {Boolean} 是否在白名单中
- */
-function isInWhitelist(ip, config) {
-	// 获取配置中的白名单，如果不存在则使用默认白名单
-	const whitelist = config && config.ip_whitelist && Array.isArray(config.ip_whitelist)
-		? config.ip_whitelist
-		: ['127.0.0.1', '::1', 'localhost', '192.168.31.5'];
-	return whitelist.includes(ip);
-}
-/**
- * 检查路径是否在白名单中
- * @param {String} path 请求路径
- * @param {Object} config WAF配置
- * @returns {Boolean} 是否在白名单中
- */
-function isPathWhitelisted(path, config) {
-	// 获取配置中的路径白名单，如果不存在则使用默认路径白名单
-	const pathWhitelist = config && config.path_whitelist && Array.isArray(config.path_whitelist)
-		? config.path_whitelist
-		: ['/static', '/favicon.ico', '/api', '/public', '/assets'];
-	// 检查路径是否以白名单中的任何路径开头
-	return pathWhitelist.some(whitelistPath => path.startsWith(whitelistPath));
-}
-/**
- * web防火墙
- * @param {Object} server 服务
- * @param {Object} config 配置参数
- */
-module.exports = function(server, config) {
-	// 设置默认配置
-	const defaultConfig = {
-		log: true,
-		ip_whitelist: ['127.0.0.1', '::1', 'localhost', '192.168.31.5'],
-		path_whitelist: ['/static', '/favicon.ico', '/api', '/public', '/assets']
-	};
-	// 强制输出初始化日志
-	console.log('WAF MIDDLEWARE INITIALIZED');
-	// 获取全局配置中的middleware.waf配置
-	let wafConfig = defaultConfig;
-	try {
-		// 尝试从全局配置中获取middleware.waf配置
-		const fs = require('fs');
-		const path = require('path');
-		const configPath = path.resolve(process.cwd(), 'config.json');
-		if (fs.existsSync(configPath)) {
-			const globalConfig = JSON.parse(fs.readFileSync(configPath, 'utf8'));
-			if (globalConfig.middleware && globalConfig.middleware.waf) {
-				// 安全地合并默认配置和全局配置
-				wafConfig = Object.assign({}, defaultConfig, globalConfig.middleware.waf);
-				console.log('WAF using global config from config.json');
-			} else {
-				console.log('WAF using default config (no middleware.waf in config.json)');
-			}
-		}
-	} catch (error) {
-		console.error('Error loading global WAF config:', error.message);
-		// 出错时使用默认配置
-		wafConfig = defaultConfig;
-	}
-	// 确保白名单数组存在且为数组类型
-	if (!Array.isArray(wafConfig.ip_whitelist)) {
-		wafConfig.ip_whitelist = defaultConfig.ip_whitelist;
-	}
-	if (!Array.isArray(wafConfig.path_whitelist)) {
-		wafConfig.path_whitelist = defaultConfig.path_whitelist;
-	}
-	// 合并传入的config和全局配置
-	const mergedConfig = { ...wafConfig, ...(config || {}) };
-	console.log('Merged WAF Config:', JSON.stringify(mergedConfig));
-	/* WAF（web防火墙） */
-	server.use(async (ctx, next) => {
-		try {
-			// 获取客户端IP
-			var ip = getClientIP(ctx.req);
-			// 规范化IP格式，移除IPv6前缀
-			if (ip && ip.startsWith('::ffff:')) {
-				ip = ip.substring(7);
-			}
-			// 获取请求路径
-			const path = ctx.path;
-			// 强制输出请求处理日志
-			console.log('WAF PROCESSING REQUEST');
-			console.log('URL:', ctx.url);
-			console.log('Path:', path);
-			console.log('Method:', ctx.method);
-			console.log('IP:', ip);
-			// 检查IP是否在白名单中，如果是则跳过所有检查
-			if (isInWhitelist(ip, mergedConfig)) {
-				console.log(`WAF: IP ${ip} in whitelist, skipping checks`);
-				await next();
-				return;
-			}
-			// 检查路径是否在白名单中
-			if (isPathWhitelisted(path, mergedConfig)) {
-				console.log(`WAF: Path ${path} in whitelist, skipping checks`);
-				await next();
-				return;
-			}
-			// 获取请求路径和完整URL
-			var url = ctx.url;
-			// 1. 使用正则表达式检查基本攻击特征
-			console.log('Step 1: Basic attack pattern check');
-			var danger = waf_check(url);
-			console.log('WAF check result:', danger ? danger.toString() : 'safe');
-			if (danger) {
-				console.warn(`BLOCKED ATTACK from IP ${ip}:`, danger.toString());
-				// 阻止攻击请求，返回403禁止访问
-				ctx.status = 403;
-				ctx.body = {
-					code: 403,
-					msg: '访问被WAF阻止，请求包含潜在的攻击特征',
-					rule: danger.toString()
-				};
-				return;
-			}
-			// 2. 专门检查路径遍历攻击
-			console.log('Step 2: Path traversal check');
-			const hasTraversal = checkPathTraversal(path);
-			const isSafe = isSafePath(path);
-			console.log('Path traversal check results:', { path, hasTraversal, isSafe });
-			if (hasTraversal || !isSafe) {
-				console.warn(`BLOCKED PATH TRAVERSAL from IP ${ip}:`, path);
-				ctx.status = 403;
-				ctx.body = {
-					code: 403,
-					msg: '访问被WAF阻止，检测到路径遍历攻击尝试'
-				};
-				return;
-			}
-			// 3. 检查请求参数中的路径遍历
-			console.log('Step 3: Query parameter traversal check');
-			const queryParams = ctx.query;
-			for (const [key, value] of Object.entries(queryParams)) {
-				if (typeof value === 'string') {
-					const paramHasTraversal = checkPathTraversal(value);
-					console.log('Param check:', { key, value, paramHasTraversal });
-					if (paramHasTraversal) {
-						console.warn(`BLOCKED PARAM TRAVERSAL from IP ${ip}:`, `${key}=${value}`);
-						ctx.status = 403;
-						ctx.body = {
-							code: 403,
-							msg: '访问被WAF阻止，请求参数中包含路径遍历攻击尝试'
-						};
-						return;
-					}
-				}
-			}
-			// 4. 如果是POST请求，检查请求体
-			console.log('Step 4: POST body traversal check');
-			if (ctx.method === 'POST' && ctx.request.body) {
-				const bodyContent = JSON.stringify(ctx.request.body);
-				const bodyHasTraversal = checkPathTraversal(bodyContent);
-				console.log('Body check results:', bodyHasTraversal);
-				if (bodyHasTraversal) {
-					console.warn(`BLOCKED BODY TRAVERSAL from IP ${ip}`);
-					ctx.status = 403;
-					ctx.body = {
-						code: 403,
-						msg: '访问被WAF阻止，请求体中包含路径遍历攻击尝试'
-					};
-					return;
-				}
-			}
-			console.log('WAF: All checks passed, continuing request');
-			// 所有检查通过，继续处理请求
-			await next();
-		} catch (error) {
-			console.error('WAF MIDDLEWARE ERROR:', error);
-			// 出错时默认允许请求继续处理
-			await next();
-		}
-	});
-	return server;
-};

package/middleware/waf/middleware.json DELETED Viewed

@@ -1,10 +0,0 @@
-{
-	"name": "web_waf",
-	"title": "web防火墙",
-	"description": "用于防止sql注入、脚本注入等",
-	"version": "1.0",
-	"type": "web",
-	"process_type": "common_before",
-	"sort": 20,
-	"state": 1
-}