npm - mm_os - Versions diffs - 3.3.0 → 4.0.0 - Mend

mm_os 3.3.0 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (380) hide show

package/LICENSE +21 -201
package/README.md +491 -99
package/README_EN.md +498 -0
package/adapter/adapter.js +431 -0
package/adapter/custom_persistence.js +660 -0
package/adapter/mqtt.js +273 -0
package/adapter/socket.js +113 -0
package/adapter/web.js +67 -0
package/adapter/websocket.js +146 -0
package/com/api/com.json +5 -0
package/{core/com → com}/api/config.tpl.json +8 -8
package/com/api/drive.js +708 -0
package/com/api/index.js +198 -0
package/com/api/oauth.js +200 -0
package/com/api/script.tpl.js +32 -0
package/com/cmd/README.md +11 -0
package/com/cmd/com.json +5 -0
package/com/cmd/config.tpl.json +122 -0
package/com/cmd/drive.js +1548 -0
package/com/cmd/index.js +1066 -0
package/com/cmd/msg.json +48 -0
package/com/cmd/nlp.js +525 -0
package/com/cmd/script.tpl.js +32 -0
package/com/db/com.json +5 -0
package/com/db/drive.js +1999 -0
package/com/db/index.js +242 -0
package/com/event/com.json +5 -0
package/{core/com → com}/event/config.tpl.json +8 -8
package/com/event/drive.js +59 -0
package/com/event/index.js +409 -0
package/com/event/script.tpl.js +23 -0
package/com/mqtt/com.json +5 -0
package/{core/com → com}/mqtt/config.tpl.json +3 -5
package/com/mqtt/drive.js +676 -0
package/com/mqtt/index.js +822 -0
package/com/mqtt/mm_mqtt.js +425 -0
package/com/mqtt/script.tpl.js +723 -0
package/com/nav/com.json +5 -0
package/com/nav/config.tpl.json +84 -0
package/com/nav/drive.js +702 -0
package/com/nav/index.js +231 -0
package/{core/com → com}/nav/tpl/admin_pc/page_config.vue +280 -280
package/{core/com → com}/nav/tpl/admin_pc/page_config_form.vue +194 -194
package/com/nav/tpl/admin_pc/page_form.vue +180 -0
package/com/nav/tpl/admin_pc/page_view.vue +124 -0
package/com/nav/tpl/dev_pc/page_default.vue +247 -0
package/com/nav/tpl/dev_pc/page_type.vue +313 -0
package/com/nav/tpl/home_pc/page_default.vue +234 -0
package/com/nav/tpl/home_pc/page_form.vue +137 -0
package/com/nav/tpl/home_pc/page_list.vue +234 -0
package/com/nav/tpl/home_pc/page_nav.vue +221 -0
package/com/nav/tpl/home_pc/page_type.vue +234 -0
package/com/nav/tpl/home_pc/page_view.vue +125 -0
package/com/nav/tpl/home_phone/page_channel.vue +234 -0
package/com/nav/tpl/home_phone/page_default.vue +234 -0
package/com/nav/tpl/home_phone/page_form.vue +137 -0
package/com/nav/tpl/home_phone/page_nav.vue +237 -0
package/com/nav/tpl/home_phone/page_type.vue +234 -0
package/com/nav/tpl/home_phone/page_view.vue +125 -0
package/com/nav/viewmodel.js +446 -0
package/com/param/com.json +5 -0
package/{core/com → com}/param/config.tpl.json +7 -1
package/com/param/drive.js +502 -0
package/com/param/index.js +155 -0
package/com/param/script.tpl.js +12 -0
package/com/pendant/com.json +5 -0
package/{core/com/component → com/pendant}/config.tpl.json +15 -13
package/com/pendant/drive.js +204 -0
package/com/pendant/index.js +441 -0
package/com/pendant/pendant.html +16 -0
package/com/pendant/script.tpl.js +18 -0
package/com/socket/com.json +5 -0
package/com/socket/config.tpl.json +12 -0
package/com/socket/drive.js +651 -0
package/com/socket/index.js +351 -0
package/com/socket/script.tpl.js +41 -0
package/com/sql/com.json +5 -0
package/{core/com → com}/sql/config.tpl.json +13 -9
package/com/sql/drive.js +1259 -0
package/com/sql/index.js +150 -0
package/com/sql/script.tpl.js +47 -0
package/com/static/com.json +5 -0
package/{core/com → com}/static/config.tpl.json +10 -6
package/com/static/drive.js +194 -0
package/com/static/index.js +226 -0
package/com/static/script.tpl.js +28 -0
package/com/task/com.json +5 -0
package/{core/com → com}/task/config.tpl.json +4 -6
package/com/task/drive.js +405 -0
package/com/task/index.js +148 -0
package/com/task/script.tpl.js +37 -0
package/com/template/com.json +5 -0
package/com/template/config.tpl.json +16 -0
package/com/template/drive.js +80 -0
package/com/template/index.js +141 -0
package/com.js +156 -0
package/common/README.md +2 -0
package/common/handler/msg/handler.json +22 -0
package/common/handler/msg/index.js +23 -0
package/common/handler/player/handler.json +22 -0
package/common/handler/player/index.js +287 -0
package/common/handler/user/handler.json +22 -0
package/common/handler/user/index.js +23 -0
package/common/middleware/web_after/index.js +29 -0
package/common/middleware/web_after/middleware.json +9 -0
package/common/middleware/web_base/index.js +113 -0
package/common/middleware/web_base/middleware.json +19 -0
package/common/middleware/web_before/index.js +33 -0
package/common/middleware/web_before/middleware.json +9 -0
package/common/middleware/web_cors/index.js +87 -0
package/common/middleware/web_cors/middleware.json +24 -0
package/common/middleware/web_error/index.js +119 -0
package/common/middleware/web_error/middleware.json +18 -0
package/common/middleware/web_ip/index.js +15 -0
package/common/middleware/web_ip/middleware.json +14 -0
package/common/middleware/web_logger/index.js +156 -0
package/common/middleware/web_logger/middleware.json +14 -0
package/common/middleware/web_main/index.js +24 -0
package/common/middleware/web_main/middleware.json +9 -0
package/common/middleware/web_static/index.js +73 -0
package/common/middleware/web_static/middleware.json +54 -0
package/common/middleware/web_waf/index.js +385 -0
package/common/middleware/web_waf/middleware.json +13 -0
package/common/model/msg/index.js +88 -0
package/common/model/msg/model.json +401 -0
package/common/model/player/index.js +63 -0
package/common/model/player/model.json +185 -0
package/common/model/user/index.js +11 -0
package/common/model/user/model.json +219 -0
package/core/app/config.tpl.json +67 -0
package/core/app/index.js +632 -0
package/core/app/script.tpl.js +52 -0
package/core/channel/index.js +899 -0
package/core/channel/matcher.js +585 -0
package/core/com/config.tpl.json +16 -0
package/core/com/index.js +74 -0
package/core/com/script.tpl.js +5 -0
package/core/component/component.js +42 -0
package/core/component/config.tpl.json +63 -0
package/core/component/index.js +273 -0
package/core/component/script.tpl.js +19 -0
package/core/controller/config.tpl.json +14 -0
package/core/controller/index.js +373 -0
package/core/controller/script.tpl.js +27 -0
package/core/factory/config.tpl.json +14 -0
package/core/factory/entity.js +275 -0
package/core/factory/index.js +241 -0
package/core/factory/script.tpl.js +16 -0
package/core/game/bat/index.js +137 -0
package/core/game/bat/world.js +622 -0
package/core/game/config.tpl.json +16 -0
package/core/game/entity_admin.js +230 -0
package/core/game/index.js +186 -0
package/core/handler/config.tpl.json +22 -0
package/core/handler/index.js +181 -0
package/core/handler/script.tpl.js +23 -0
package/core/logic/config.tpl.json +14 -0
package/core/logic/index.js +59 -0
package/core/logic/script.tpl.js +19 -0
package/core/middleware/config.tpl.json +16 -0
package/core/middleware/index.js +125 -0
package/core/middleware/script.tpl.js +37 -0
package/core/mod/config.tpl.json +22 -0
package/core/mod/index.js +130 -0
package/core/mod/script.tpl.js +34 -0
package/core/model/config.tpl.json +219 -0
package/core/model/index.js +272 -0
package/core/model/model.js +27 -0
package/core/model/script.tpl.js +20 -0
package/core/notifier/config.tpl.json +14 -0
package/core/notifier/index.js +77 -0
package/core/notifier/script.tpl.js +20 -0
package/core/plugin/config.tpl.json +24 -0
package/core/plugin/index.js +232 -0
package/core/plugin/script.tpl.js +51 -0
package/core/pusher/config.tpl.json +14 -0
package/core/pusher/index.js +161 -0
package/core/pusher/script.tpl.js +20 -0
package/core/room/bat/index.js +170 -0
package/core/room/bat/room.js +524 -0
package/core/room/config.tpl.json +20 -0
package/core/room/index.js +249 -0
package/core/room/room.js +61 -0
package/core/scene/config.tpl.json +14 -0
package/core/scene/index.js +466 -0
package/core/scene/loop.js +1255 -0
package/core/scene/map.js +28 -0
package/core/scene/script.tpl.js +22 -0
package/core/sender/config.tpl.json +14 -0
package/core/sender/index.js +79 -0
package/core/sender/script.tpl.js +20 -0
package/core/service/config.tpl.json +14 -0
package/core/service/index.js +100 -0
package/core/service/script.tpl.js +25 -0
package/core/store/config.tpl.json +26 -0
package/core/store/index.js +1755 -0
package/core/store/script.tpl.js +22 -0
package/core/store/sql.js +1464 -0
package/core/system/config.tpl.json +18 -0
package/core/system/index.js +312 -0
package/core/system/script.tpl.js +77 -0
package/core/view/config.tpl.json +14 -0
package/core/view/index.js +91 -0
package/core/view/script.tpl.js +20 -0
package/core/zone/bat/index.js +725 -0
package/core/zone/config.tpl.json +54 -0
package/core/zone/index.js +614 -0
package/core/zone/script.tpl.js +10 -0
package/core/zone/zone_bat.js +136 -0
package/core//345/237/272/347/261/273/346/250/241/345/235/227/346/270/205/345/215/225.md +24 -0
package/index.js +17 -314
package/os.js +57 -0
package/package.json +60 -58
package/server.js +598 -0
package/README.en.md +0 -36
package/conf.json +0 -3
package/core/base/mqtt/index.js +0 -1107
package/core/base/mqtt/lib.js +0 -40
package/core/base/web/index.js +0 -243
package/core/com/api/com.json +0 -4
package/core/com/api/drive.js +0 -668
package/core/com/api/index.js +0 -108
package/core/com/api/oauth.js +0 -158
package/core/com/api/script.js +0 -32
package/core/com/app/README.md +0 -3
package/core/com/app/com.json +0 -4
package/core/com/app/config.tpl.json +0 -16
package/core/com/app/drive.js +0 -309
package/core/com/app/index.js +0 -211
package/core/com/app/script.js +0 -155
package/core/com/cmd/com.json +0 -4
package/core/com/cmd/config.tpl.json +0 -66
package/core/com/cmd/drive.js +0 -513
package/core/com/cmd/index.js +0 -354
package/core/com/cmd/old/5w2h.js +0 -54
package/core/com/cmd/old/drive.js +0 -423
package/core/com/cmd/script.js +0 -11
package/core/com/component/README.md +0 -3
package/core/com/component/com.json +0 -4
package/core/com/component/component.html +0 -16
package/core/com/component/drive.js +0 -197
package/core/com/component/index.js +0 -312
package/core/com/component/script.js +0 -18
package/core/com/db/com.json +0 -4
package/core/com/db/drive.js +0 -1160
package/core/com/db/index.js +0 -176
package/core/com/event/com.json +0 -4
package/core/com/event/drive.js +0 -133
package/core/com/event/index.js +0 -345
package/core/com/event/script.js +0 -26
package/core/com/eventer/com.js +0 -477
package/core/com/eventer/com.json +0 -4
package/core/com/middleware/com.js +0 -153
package/core/com/middleware/com.json +0 -4
package/core/com/middleware/config.tpl.json +0 -8
package/core/com/middleware/script.js +0 -9
package/core/com/mqtt/com.json +0 -4
package/core/com/mqtt/drive.js +0 -600
package/core/com/mqtt/index.js +0 -572
package/core/com/mqtt/mm_mqtt.js +0 -330
package/core/com/mqtt/script.js +0 -604
package/core/com/msg/com.js +0 -296
package/core/com/msg/com.json +0 -4
package/core/com/nav/com.json +0 -4
package/core/com/nav/config.tpl.json +0 -75
package/core/com/nav/drive.js +0 -549
package/core/com/nav/index.js +0 -182
package/core/com/nav/tpl/admin_pc/page_form.vue +0 -180
package/core/com/nav/tpl/admin_pc/page_view.vue +0 -124
package/core/com/nav/tpl/dev_pc/page_default.vue +0 -247
package/core/com/nav/tpl/dev_pc/page_type.vue +0 -313
package/core/com/nav/tpl/home_pc/page_default.vue +0 -234
package/core/com/nav/tpl/home_pc/page_form.vue +0 -137
package/core/com/nav/tpl/home_pc/page_list.vue +0 -234
package/core/com/nav/tpl/home_pc/page_nav.vue +0 -221
package/core/com/nav/tpl/home_pc/page_type.vue +0 -234
package/core/com/nav/tpl/home_pc/page_view.vue +0 -125
package/core/com/nav/tpl/home_phone/page_channel.vue +0 -234
package/core/com/nav/tpl/home_phone/page_default.vue +0 -234
package/core/com/nav/tpl/home_phone/page_form.vue +0 -137
package/core/com/nav/tpl/home_phone/page_nav.vue +0 -237
package/core/com/nav/tpl/home_phone/page_type.vue +0 -234
package/core/com/nav/tpl/home_phone/page_view.vue +0 -125
package/core/com/nav/viewmodel.js +0 -296
package/core/com/param/drive.js +0 -366
package/core/com/param/index.js +0 -80
package/core/com/param/script.js +0 -12
package/core/com/param/test.js +0 -98
package/core/com/plugin/README.md +0 -3
package/core/com/plugin/com.json +0 -4
package/core/com/plugin/config.tpl.json +0 -26
package/core/com/plugin/drive.js +0 -536
package/core/com/plugin/index.js +0 -259
package/core/com/plugin/script.js +0 -213
package/core/com/rpc/com.json +0 -4
package/core/com/rpc/drive.js +0 -160
package/core/com/rpc/index.js +0 -87
package/core/com/rpc/rpc.js +0 -118
package/core/com/socket/com.json +0 -4
package/core/com/socket/config.tpl.json +0 -14
package/core/com/socket/drive.js +0 -403
package/core/com/socket/index.js +0 -62
package/core/com/socket/script.js +0 -42
package/core/com/sql/drive.js +0 -1087
package/core/com/sql/index.js +0 -83
package/core/com/sql/script.js +0 -48
package/core/com/static/com.json +0 -4
package/core/com/static/drive.js +0 -220
package/core/com/static/index.js +0 -149
package/core/com/static/script.js +0 -28
package/core/com/task/com.json +0 -4
package/core/com/task/drive.js +0 -403
package/core/com/task/index.js +0 -110
package/core/com/task/script.js +0 -37
package/core/com/timer/com.js +0 -217
package/core/com/timer/com.json +0 -4
package/core/com/tpl/com.js +0 -19
package/core/com/tpl/com.json +0 -4
package/lib/actions.js +0 -50
package/lib/base.js +0 -361
package/lib/com.js +0 -29
package/lib/ref.js +0 -121
package/middleware/mqtt_base/index.js +0 -10
package/middleware/mqtt_base/middleware.json +0 -10
package/middleware/performance/index.js +0 -151
package/middleware/performance/middleware.json +0 -16
package/middleware/security_audit/index.js +0 -549
package/middleware/security_audit/middleware.json +0 -48
package/middleware/security_headers/index.js +0 -487
package/middleware/security_headers/middleware.json +0 -45
package/middleware/waf/index.js +0 -348
package/middleware/waf/middleware.json +0 -10
package/middleware/waf_ddos/index.js +0 -520
package/middleware/waf_ddos/middleware.json +0 -38
package/middleware/waf_ip/index.js +0 -379
package/middleware/waf_ip/middleware.json +0 -49
package/middleware/waf_xss/index.js +0 -269
package/middleware/waf_xss/middleware.json +0 -18
package/middleware/web_after/index.js +0 -33
package/middleware/web_after/middleware.json +0 -9
package/middleware/web_base/index.js +0 -90
package/middleware/web_base/middleware.json +0 -9
package/middleware/web_before/index.js +0 -27
package/middleware/web_before/middleware.json +0 -9
package/middleware/web_check/index.js +0 -28
package/middleware/web_check/middleware.json +0 -9
package/middleware/web_main/index.js +0 -28
package/middleware/web_main/middleware.json +0 -9
package/middleware/web_proxy/index.js +0 -37
package/middleware/web_proxy/middleware.json +0 -9
package/middleware/web_render/index.js +0 -87
package/middleware/web_render/middleware.json +0 -9
package/middleware/web_socket/index.js +0 -34
package/middleware/web_socket/middleware.json +0 -9
package/middleware/web_static/index.js +0 -115
package/middleware/web_static/middleware.json +0 -9
/package/{core/com → com}/api/README.md +0 -0
/package/{core/com → com}/db/README.md +0 -0
/package/{core/com → com}/event/README.md +0 -0
/package/{core/com → com}/mqtt/README.md +0 -0
/package/{core/com → com}/nav/README.md +0 -0
/package/{core/com → com}/nav/tpl/admin_pc/page_channel.vue +0 -0
/package/{core/com → com}/nav/tpl/admin_pc/page_default.vue +0 -0
/package/{core/com → com}/nav/tpl/admin_pc/page_lang.vue +0 -0
/package/{core/com → com}/nav/tpl/admin_pc/page_nav.vue +0 -0
/package/{core/com → com}/nav/tpl/admin_pc/page_table.vue +0 -0
/package/{core/com → com}/nav/tpl/admin_pc/page_type.vue +0 -0
/package/{core/com → com}/nav/tpl/dev_pc/page_channel.vue +0 -0
/package/{core/com → com}/nav/tpl/dev_pc/page_config.vue +0 -0
/package/{core/com → com}/nav/tpl/dev_pc/page_form.vue +0 -0
/package/{core/com → com}/nav/tpl/dev_pc/page_nav.vue +0 -0
/package/{core/com → com}/nav/tpl/dev_pc/page_table.vue +0 -0
/package/{core/com → com}/nav/tpl/home_pc/page_channel.vue +0 -0
/package/{core/com → com}/nav/tpl/home_phone/page_list.vue +0 -0
/package/{core/com → com}/param/README.md +0 -0
/package/{core/com/cmd → com/pendant}/README.md +0 -0
/package/{core/com → com}/socket/README.md +0 -0
/package/{core/com → com}/sql/README.md +0 -0
/package/{core/com → com}/static/README.md +0 -0
/package/{core/com → com}/task/README.md +0 -0

package/middleware/waf_ip/index.js DELETED Viewed

@@ -1,379 +0,0 @@
-const {
-	exec
-} = require('child_process');
-const platform = require('os').platform();
-/**
- * 获取客户端IP
- * @param {Object} req 请求对象
- * @returns {String} 返回真实IP
- */
-function getClientIP(req) {
-	var ip = req.headers['x-forwarded-for'] || req.headers['X-Forwarded-For'] || req.headers['x-real-ip'] ||
-		req.connection.remoteAddress ||
-		req.socket.remoteAddress ||
-		req.connection.socket.remoteAddress;
-	if (ip && ip.split(',').length > 0) {
-		ip = ip.split(',')[0]; // 取第一个IP地址
-	}
-	// 处理IPv6本地地址
-	if (ip === '::1' || ip === '::ffff:127.0.0.1') {
-		ip = '127.0.0.1';
-	}
-	// 移除可能的端口号
-	if (ip && ip.includes(':')) {
-		ip = ip.split(':')[0];
-	}
-	return ip;
-};
-/**
- * 检查IP是否在白名单中
- * @param {String} ip IP地址
- * @param {Array} whitelist 白名单IP数组
- * @returns {Boolean} 是否在白名单中
- */
-function isInWhitelist(ip, whitelist) {
-	if (!whitelist || !Array.isArray(whitelist)) return false;
-	return whitelist.some(whiteIP => {
-		// 支持CIDR格式（如192.168.1.0/24）
-		if (whiteIP.includes('/')) {
-			return ipInCidr(ip, whiteIP);
-		}
-		return ip === whiteIP;
-	});
-}
-/**
- * 检查IP是否在CIDR范围内
- * @param {String} ip IP地址
- * @param {String} cidr CIDR格式字符串（如192.168.1.0/24）
- * @returns {Boolean} 是否在范围内
- */
-function ipInCidr(ip, cidr) {
-	const [network, prefixLength] = cidr.split('/');
-	const netmask = -1 << (32 - parseInt(prefixLength, 10));
-	function ipToInt(ip) {
-		return ip.split('.').reduce((acc, octet) => (acc << 8) + parseInt(octet, 10), 0) >>> 0;
-	}
-	return (ipToInt(ip) & netmask) === (ipToInt(network) & netmask);
-}
-/**
- * 设置黑名单
- * @param {String} ip IP地址
- * @param {Object} config 配置参数
- */
-async function setting_blacklist(ip, config) {
-	// 检查是否已在黑名单中
-	const blacklistKey = `blacklist_${ip}`;
-	try {
-		const isBlacklisted = await $.cache.get(blacklistKey);
-		if (isBlacklisted) {
-			$.log.info(`IP ${ip} 已在黑名单中，无需重复添加`);
-			return;
-		}
-	} catch (error) {
-		$.log.error('检查黑名单缓存错误:', error);
-	}
-	var cmd;
-	if (platform == "win32") {
-		// Windows系统
-		cmd = `netsh advfirewall firewall add rule name="Blacklist ${ip}" dir=in action=block remoteip="${ip}" protocol=any`;
-	} else {
-		// Linux系统 - 不使用sudo，让系统确保权限
-		cmd = `iptables -A INPUT -s ${ip} -j DROP`;
-	}
-	try {
-		// 使用Promise包装exec以支持异步操作
-		await new Promise((resolve, reject) => {
-			exec(cmd, (error, stdout, stderr) => {
-				if (error) {
-					console.error(`执行黑名单命令错误: ${error}`);
-					reject(error);
-					return;
-				}
-				$.log.info(`IP ${ip} 已加入防火墙黑名单`);
-				if (stderr) {
-					console.error(`黑名单命令标准错误: ${stderr}`);
-				}
-				resolve();
-			});
-		});
-		// 记录到缓存，支持黑名单过期时间
-		const expireTime = config.blacklist_expire_time || 86400000; // 默认1天
-		await $.cache.set(blacklistKey, true, expireTime);
-		// 记录黑名单IP，便于管理
-			const blacklistIPsKey = 'blacklisted_ips';
-			let blacklistIPs = [];
-			try {
-				const existing = await $.cache.get(blacklistIPsKey);
-				if (existing) {
-					blacklistIPs = typeof existing === 'string' ? JSON.parse(existing) : existing;
-				}
-				if (!Array.isArray(blacklistIPs)) {
-					blacklistIPs = [];
-				}
-				if (!blacklistIPs.includes(ip)) {
-					blacklistIPs.push(ip);
-					await $.cache.set(blacklistIPsKey, blacklistIPs, 0); // 永不过期
-				}
-			} catch (cacheError) {
-				$.log.error('保存黑名单IP列表错误:', cacheError);
-			}
-	} catch (error) {
-		$.log.error(`添加IP ${ip} 到黑名单失败:`, error);
-	}
-}
-/**
- * 从防火墙中移除黑名单IP
- * @param {String} ip IP地址
- */
-async function remove_blacklist(ip) {
-	var cmd;
-	if (platform == "win32") {
-		// Windows系统
-		cmd = `netsh advfirewall firewall delete rule name="Blacklist ${ip}"`;
-	} else {
-		// Linux系统
-		cmd = `iptables -D INPUT -s ${ip} -j DROP`;
-	}
-	try {
-		await new Promise((resolve, reject) => {
-			exec(cmd, (error, stdout, stderr) => {
-				if (error) {
-					console.error(`移除黑名单命令错误: ${error}`);
-					// 对于Windows，如果规则不存在，delete命令也会返回错误，但这不是严重问题
-					if (platform !== "win32") {
-						reject(error);
-						return;
-					}
-				}
-				$.log.info(`IP ${ip} 已从防火墙黑名单中移除`);
-				if (stderr) {
-					console.error(`移除黑名单命令标准错误: ${stderr}`);
-				}
-				resolve();
-			});
-		});
-		// 从缓存中移除
-		await $.cache.del(`blacklist_${ip}`);
-		// 从黑名单列表中移除
-		const blacklistIPsKey = 'blacklisted_ips';
-		try {
-			const existing = await $.cache.get(blacklistIPsKey);
-			if (existing) {
-				let blacklistIPs = typeof existing === 'string' ? JSON.parse(existing) : existing;
-				if (Array.isArray(blacklistIPs)) {
-					blacklistIPs = blacklistIPs.filter(ipItem => ipItem !== ip);
-					await $.cache.set(blacklistIPsKey, blacklistIPs, 0);
-				}
-			}
-		} catch (cacheError) {
-			$.log.error('更新黑名单IP列表错误:', cacheError);
-		}
-	} catch (error) {
-		$.log.error(`移除IP ${ip} 从黑名单失败:`, error);
-	}
-}
-/**
- * 初始化功能 - 加载持久化的黑名单并应用
- * @param {Object} config 配置参数
- */
-async function initBlacklist(config) {
-	if (!config.persist_blacklist) return;
-	try {
-		const blacklistIPsKey = 'blacklisted_ips';
-		const existing = await $.cache.get(blacklistIPsKey);
-		if (existing) {
-			let blacklistIPs = typeof existing === 'string' ? JSON.parse(existing) : existing;
-			if (Array.isArray(blacklistIPs) && blacklistIPs.length > 0) {
-				$.log.info(`正在应用 ${blacklistIPs.length} 个持久化的黑名单IP规则...`);
-				for (const ip of blacklistIPs) {
-					// 重新应用黑名单规则
-					await setting_blacklist(ip, config);
-				}
-			}
-		}
-	} catch (error) {
-		$.log.error('初始化持久化黑名单失败:', error);
-	}
-}
-/**
- * IP防火墙
- * @param {Object} server 服务
- * @param {Object} config 配置参数
- */
-module.exports = async function(server, config) {
-	// 从配置中获取参数，提供默认值
-	var limit = config.request_limit || 1000; // 默认每分钟1000请求
-	var duration = config.request_duration || 60000; // 默认60秒
-	var block = config.request_block || true; // 默认启用黑名单
-	var whitelist = config.ip_whitelist || []; // IP白名单
-	var blacklist_expire_time = config.blacklist_expire_time || 86400000; // 默认黑名单1天过期
-	var persist_blacklist = config.persist_blacklist !== undefined ? config.persist_blacklist : true; // 是否持久化黑名单
-	// 初始化持久化黑名单
-	if (persist_blacklist) {
-		await initBlacklist(config);
-	}
-	if (limit && duration) {
-		/* WAF（web防火墙） */
-		server.use(async (ctx, next) => {
-			try {
-				var pass = true;
-				// 获取IP
-				var ip = getClientIP(ctx.req);
-				// 检查白名单
-				if (isInWhitelist(ip, whitelist)) {
-					ctx.request.ip = ip;
-					ctx.ip = ip;
-					await next();
-					return;
-				}
-				// 检查是否已被黑名单
-				try {
-					const isBlacklisted = await $.cache.get(`blacklist_${ip}`);
-					if (isBlacklisted) {
-						ctx.status = 403;
-						ctx.body = '您的IP已被禁止访问';
-						return;
-					}
-				} catch (blacklistCheckError) {
-					$.log.error('检查黑名单状态错误:', blacklistCheckError);
-				}
-				var num = 1;
-				var now = new Date();
-				var date = now.toStr('yyyy-MM-dd');
-				var time;
-				var json;
-				try {
-					var str = await $.cache.get("ip_" + ip);
-					if (str) {
-						if (typeof(str) === "string") {
-							try {
-								json = JSON.parse(str);
-							} catch (jsonError) {
-								$.log.error('WAF IP中间件JSON解析错误:', jsonError);
-								json = null;
-							}
-						} else {
-							json = str;
-						}
-						if (json) {
-							try {
-								if (json.date !== date) {
-									num = 1;
-								} else {
-									// 判断时间间隔是否在范围外
-									// 安全地处理json.time，无论它是字符串还是对象
-									if (typeof json.time === 'string') {
-										// 如果json.time是字符串，尝试解析它
-										const savedTime = new Date(json.time);
-										if (!isNaN(savedTime.getTime()) && (now - savedTime) > duration) {
-											num = 1;
-										} else {
-											// 如果是在周期内，访问次数+1，并判断是否超出上限
-											num = json.num + 1;
-											if (num > limit) {
-												// 超出上限禁止访问，并加入黑名单
-												pass = false;
-												if (block) {
-													await setting_blacklist(ip, config);
-												}
-											}
-										}
-									} else if (json.time && json.time.toTime && typeof json.time.toTime().interval === 'function') {
-										// 原有逻辑，处理对象类型的时间
-										if (json.time.toTime().interval(now) > duration) {
-											num = 1;
-										} else {
-											// 如果是在周期内，访问次数+1，并判断是否超出上限
-											num = json.num + 1;
-											if (num > limit) {
-												// 超出上限禁止访问，并加入黑名单
-												pass = false;
-												if (block) {
-													await setting_blacklist(ip, config);
-												}
-											}
-										}
-									} else {
-										// 默认情况：如果时间格式不正确，重置计数
-										num = 1;
-									}
-								}
-							} catch (timeError) {
-								$.log.error('WAF IP中间件时间处理错误:', timeError);
-								// 出错时重置计数以保证安全
-								num = 1;
-							}
-						}
-					}
-				} catch (cacheError) {
-					$.log.error('WAF IP中间件缓存操作错误:', cacheError);
-					// 缓存出错时，默认允许请求通过
-				}
-				if (!time) {
-					time = now.toStr('yyyy-MM-dd hh:mm:ss');
-				}
-				if (pass) {
-					try {
-						await $.cache.set("ip_" + ip, JSON.stringify({
-							date,
-							time,
-							num
-						}), duration);
-					} catch (setCacheError) {
-						$.log.error('WAF IP中间件缓存设置错误:', setCacheError);
-						// 缓存设置失败不影响请求处理
-					}
-					ctx.request.ip = ip;
-					ctx.ip = ip;
-					await next();
-				} else {
-					ctx.status = 429;
-					ctx.body = '请求频率过高，请稍后再试。';
-				}
-			} catch (error) {
-				$.log.error('WAF IP中间件错误:', error);
-				// 出错时默认允许请求通过
-				ctx.ip = getClientIP(ctx.req);
-				await next();
-			}
-		});
-	}
-	// 提供手动管理黑名单的API方法
-	if (!$.waf_ip) {
-		$.waf_ip = {
-			addBlacklist: setting_blacklist,
-			removeBlacklist: remove_blacklist,
-			getClientIP: getClientIP,
-			isInWhitelist: isInWhitelist
-		};
-	}
-	return server;
-};

package/middleware/waf_ip/middleware.json DELETED Viewed

@@ -1,49 +0,0 @@
-{
-	"name": "web_waf_ip",
-	"title": "IP防火墙增强版",
-	"description": "增强版IP防火墙，支持IP白名单、黑名单持久化、自动过期等功能，有效防止DOS攻击",
-	"version": "2.0",
-	"type": "web",
-	"process_type": "common_before",
-	"sort": 10,
-	"state": 1,
-	"config": {
-		"request_limit": {
-			"type": "number",
-			"title": "请求限制数量",
-			"description": "在指定时间内允许的最大请求数",
-			"value": 1000,
-			"placeholder": "请输入数字"
-		},
-		"request_duration": {
-			"type": "number",
-			"title": "统计时间窗口（毫秒）",
-			"description": "请求计数的时间窗口，单位为毫秒",
-			"value": 60000,
-			"placeholder": "请输入毫秒数"
-		},
-		"request_block": {
-			"type": "boolean",
-			"title": "启用黑名单封禁",
-			"description": "是否将超限IP添加到系统防火墙黑名单",
-			"value": true
-		},
-		"ip_whitelist": [
-			"192.168.31.5",
-			"127.0.0.1"
-		],
-		"blacklist_expire_time": {
-			"type": "number",
-			"title": "黑名单过期时间（毫秒）",
-			"description": "IP被添加到黑名单后自动失效的时间，单位为毫秒",
-			"value": 86400000,
-			"placeholder": "请输入毫秒数"
-		},
-		"persist_blacklist": {
-			"type": "boolean",
-			"title": "持久化黑名单",
-			"description": "系统重启后是否自动重新应用已保存的黑名单规则",
-			"value": true
-		}
-	}
-}

package/middleware/waf_xss/index.js DELETED Viewed

@@ -1,269 +0,0 @@
-const mm_expand = require('mm_expand');
-/**
- * XSS攻击防护中间件
- */
-class Middleware {
-    /**
-     * 构造函数
-     */
-    constructor() {
-        this.default = {
-            // 过滤模式: sanitize(清理) | encode(编码) | both(同时进行)
-            mode: 'both',
-            // 是否过滤URL参数
-            query: true,
-            // 是否过滤表单数据
-            body: true,
-            // 是否过滤Cookie
-            cookie: true,
-            // 白名单标签
-            allowedTags: ['p', 'span', 'b', 'i', 'u', 'strong', 'em', 'br'],
-            // 白名单属性
-            allowedAttributes: ['id', 'class', 'style'],
-            // 是否记录XSS攻击尝试
-            log: true,
-            // 是否阻止恶意请求
-            block: true
-        };
-    }
-    /**
-     * 初始化中间件
-     * @param {Object} config 配置项
-     */
-    init(config) {
-        config = Object.assign({}, this.default, config);
-        this.config = config;
-        return function() {
-            // 返回中间件的run方法作为实际的处理函数
-            return function(ctx, next) {
-                return middleware.run(ctx, next);
-            };
-        };
-    }
-    /**
-     * 获取客户端真实IP
-     * 在代理环境中，优先从代理头获取真实IP
-     * @param {Object} ctx Koa上下文
-     * @returns {String} 客户端真实IP
-     */
-    getClientIp(ctx) {
-        const headers = ctx.headers;
-        // 优先检查常用代理头获取真实IP
-        // 注意：X-Forwarded-For 可能包含多个IP，取第一个非未知IP的值
-        const xForwardedFor = headers['x-forwarded-for'];
-        if (xForwardedFor) {
-            // X-Forwarded-For 格式通常为: client, proxy1, proxy2
-            const ips = xForwardedFor.split(',').map(ip => ip.trim());
-            for (let i = 0; i < ips.length; i++) {
-                const ip = ips[i];
-                if (ip && ip !== 'unknown' && ip !== '127.0.0.1' && ip !== '::1') {
-                    return ip;
-                }
-            }
-        }
-        // 检查其他常见的代理头
-        return headers['x-real-ip'] ||
-               headers['x-client-ip'] ||
-               headers['cf-connecting-ip'] || // CloudFlare
-               headers['fastly-client-ip'] || // Fastly
-               headers['true-client-ip'] || // Akamai and Cloudflare
-               ctx.ip; // 默认回退到ctx.ip
-    }
-    /**
-     * 执行中间件
-     * @param {Object} ctx Koa上下文
-     * @param {Function} next 下一个中间件
-     */
-    async run(ctx, next) {
-        const config = this.config;
-        let hasXSS = false;
-        let attackInfo = {};
-        // 清理URL查询参数
-        if (config.query && ctx.query) {
-            for (let key in ctx.query) {
-                const original = ctx.query[key];
-                const sanitized = this.sanitizeInput(original, config);
-                if (original !== sanitized) {
-                    ctx.query[key] = sanitized;
-                    hasXSS = true;
-                    attackInfo[`query.${key}`] = { original, sanitized };
-                }
-            }
-        }
-        // 清理请求体数据
-        if (config.body && ctx.request.body) {
-            this.cleanObject(ctx.request.body, config, attackInfo, 'body', hasXSS);
-        }
-        // 清理Cookie
-        if (config.cookie && ctx.cookies) {
-            const cookies = ctx.headers.cookie;
-            if (cookies) {
-                // 记录Cookie中的XSS尝试但不修改，因为修改Cookie需要重新设置
-                const cookieArr = cookies.split(';');
-                for (let cookie of cookieArr) {
-                    const [name, value] = cookie.split('=').map(item => item.trim());
-                    const sanitized = this.sanitizeInput(decodeURIComponent(value), config);
-                    if (value !== sanitized) {
-                        hasXSS = true;
-                        attackInfo[`cookie.${name}`] = { original: value, sanitized };
-                    }
-                }
-            }
-        }
-        // 记录XSS攻击尝试
-        if (hasXSS && config.log && $.log) {
-            $.log.warn('XSS Attack Attempt Detected:', {
-                ip: this.getClientIp(ctx),
-                path: ctx.path,
-                method: ctx.method,
-                attackInfo
-            });
-        }
-        // 阻止恶意请求
-        if (hasXSS && config.block) {
-            ctx.status = 403;
-            ctx.body = {
-                code: 403,
-                msg: 'Forbidden: Potential XSS attack detected'
-            };
-            return;
-        }
-        // 添加安全响应头
-        this.addSecurityHeaders(ctx);
-        await next();
-    }
-    /**
-     * 递归清理对象中的XSS内容
-     * @param {Object} obj 要清理的对象
-     * @param {Object} config 配置项
-     * @param {Object} attackInfo 攻击信息收集对象
-     * @param {String} prefix 路径前缀
-     * @param {Boolean} hasXSS 是否已发现XSS
-     */
-    cleanObject(obj, config, attackInfo, prefix, hasXSS) {
-        if (!obj || typeof obj !== 'object') return;
-        for (let key in obj) {
-            const path = `${prefix}.${key}`;
-            if (typeof obj[key] === 'string') {
-                const original = obj[key];
-                const sanitized = this.sanitizeInput(original, config);
-                if (original !== sanitized) {
-                    obj[key] = sanitized;
-                    hasXSS = true;
-                    attackInfo[path] = { original, sanitized };
-                }
-            } else if (typeof obj[key] === 'object') {
-                this.cleanObject(obj[key], config, attackInfo, path, hasXSS);
-            }
-        }
-    }
-    /**
-     * 清理输入内容
-     * @param {String} input 输入内容
-     * @param {Object} config 配置项
-     * @returns {String} 清理后的内容
-     */
-    sanitizeInput(input, config) {
-        if (!input || typeof input !== 'string') return input;
-        let output = input;
-        // 根据模式选择清理方式
-        if (config.mode === 'sanitize' || config.mode === 'both') {
-            output = this.sanitizeHTML(output, config);
-        }
-        if (config.mode === 'encode' || config.mode === 'both') {
-            output = this.encodeHTML(output);
-        }
-        return output;
-    }
-    /**
-     * 清理HTML内容
-     * @param {String} html HTML内容
-     * @param {Object} config 配置项
-     * @returns {String} 清理后的内容
-     */
-    sanitizeHTML(html, config) {
-        // 简单的HTML标签清理实现
-        // 在生产环境中，可以使用更强大的库如DOMPurify
-        let clean = html;
-        // 移除所有脚本标签
-        clean = clean.replace(/<script[^>]*>.*?<\/script>/gi, '');
-        // 移除所有事件处理器
-        clean = clean.replace(/\s+on\w+\s*=\s*["\']?[^"\'>\s]+/gi, '');
-        // 移除危险的URL协议
-        clean = clean.replace(/(src|href|data|action)\s*=\s*["\']?(javascript|data|vbscript):/gi, '$1=');
-        return clean;
-    }
-    /**
-     * 编码HTML特殊字符
-     * @param {String} html HTML内容
-     * @returns {String} 编码后的内容
-     */
-    encodeHTML(html) {
-        return String(html)
-            .replace(/&/g, '&amp;')
-            .replace(/</g, '&lt;')
-            .replace(/>/g, '&gt;')
-            .replace(/"/g, '&quot;')
-            .replace(/'/g, '&#39;');
-    }
-    /**
-     * 添加安全响应头
-     * @param {Object} ctx Koa上下文
-     */
-    addSecurityHeaders(ctx) {
-        // X-XSS-Protection 头
-        ctx.set('X-XSS-Protection', '1; mode=block');
-        // Content-Security-Policy 头
-        ctx.set('Content-Security-Policy', "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;");
-    }
-}
-// 创建中间件实例
-const middleware = new Middleware();
-// 导出符合系统期望的函数
-exports = module.exports = function(server, config) {
-    // 初始化中间件
-    const handlerFactory = middleware.init(config);
-    const middlewareHandler = handlerFactory();
-    // 直接使用server.use注册中间件
-    server.use(middlewareHandler);
-    // 记录中间件初始化信息
-    if ($.log && $.log.info) {
-        $.log.info(`XSS防护中间件已加载: 模式=${middleware.config.mode}, 过滤=${middleware.config.query ? 'query' : ''}${middleware.config.body ? ' body' : ''}${middleware.config.cookie ? ' cookie' : ''}`);
-    }
-    return server;
-};
-// 保留原始实例，以便其他方式调用
-exports.middleware = middleware;