npm - mm_os - Versions diffs - 3.3.1 → 4.0.0 - Mend

mm_os 3.3.1 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (380) hide show

package/LICENSE +21 -201
package/README.md +491 -99
package/README_EN.md +498 -0
package/adapter/adapter.js +431 -0
package/adapter/custom_persistence.js +660 -0
package/adapter/mqtt.js +273 -0
package/adapter/socket.js +113 -0
package/adapter/web.js +67 -0
package/adapter/websocket.js +146 -0
package/com/api/com.json +5 -0
package/{core/com → com}/api/config.tpl.json +8 -8
package/com/api/drive.js +708 -0
package/com/api/index.js +198 -0
package/com/api/oauth.js +200 -0
package/com/api/script.tpl.js +32 -0
package/com/cmd/README.md +11 -0
package/com/cmd/com.json +5 -0
package/com/cmd/config.tpl.json +122 -0
package/com/cmd/drive.js +1548 -0
package/com/cmd/index.js +1066 -0
package/com/cmd/msg.json +48 -0
package/com/cmd/nlp.js +525 -0
package/com/cmd/script.tpl.js +32 -0
package/com/db/com.json +5 -0
package/com/db/drive.js +1999 -0
package/com/db/index.js +242 -0
package/{core/com → com}/event/README.md +4 -4
package/com/event/com.json +5 -0
package/{core/com → com}/event/config.tpl.json +18 -18
package/com/event/drive.js +59 -0
package/com/event/index.js +409 -0
package/com/event/script.tpl.js +23 -0
package/com/mqtt/com.json +5 -0
package/{core/com → com}/mqtt/config.tpl.json +3 -5
package/com/mqtt/drive.js +676 -0
package/com/mqtt/index.js +822 -0
package/com/mqtt/mm_mqtt.js +425 -0
package/com/mqtt/script.tpl.js +723 -0
package/com/nav/com.json +5 -0
package/com/nav/config.tpl.json +84 -0
package/com/nav/drive.js +702 -0
package/com/nav/index.js +231 -0
package/{core/com → com}/nav/tpl/admin_pc/page_config.vue +280 -280
package/{core/com → com}/nav/tpl/admin_pc/page_config_form.vue +194 -194
package/com/nav/tpl/admin_pc/page_form.vue +180 -0
package/com/nav/tpl/admin_pc/page_view.vue +124 -0
package/com/nav/tpl/dev_pc/page_default.vue +247 -0
package/com/nav/tpl/dev_pc/page_type.vue +313 -0
package/com/nav/tpl/home_pc/page_default.vue +234 -0
package/com/nav/tpl/home_pc/page_form.vue +137 -0
package/com/nav/tpl/home_pc/page_list.vue +234 -0
package/com/nav/tpl/home_pc/page_nav.vue +221 -0
package/com/nav/tpl/home_pc/page_type.vue +234 -0
package/com/nav/tpl/home_pc/page_view.vue +125 -0
package/com/nav/tpl/home_phone/page_channel.vue +234 -0
package/com/nav/tpl/home_phone/page_default.vue +234 -0
package/com/nav/tpl/home_phone/page_form.vue +137 -0
package/com/nav/tpl/home_phone/page_nav.vue +237 -0
package/com/nav/tpl/home_phone/page_type.vue +234 -0
package/com/nav/tpl/home_phone/page_view.vue +125 -0
package/com/nav/viewmodel.js +446 -0
package/com/param/com.json +5 -0
package/{core/com → com}/param/config.tpl.json +7 -1
package/com/param/drive.js +502 -0
package/com/param/index.js +155 -0
package/com/param/script.tpl.js +12 -0
package/com/pendant/com.json +5 -0
package/{core/com/component → com/pendant}/config.tpl.json +15 -13
package/com/pendant/drive.js +204 -0
package/com/pendant/index.js +441 -0
package/com/pendant/pendant.html +16 -0
package/com/pendant/script.tpl.js +18 -0
package/com/socket/com.json +5 -0
package/com/socket/config.tpl.json +12 -0
package/com/socket/drive.js +651 -0
package/com/socket/index.js +351 -0
package/com/socket/script.tpl.js +41 -0
package/com/sql/com.json +5 -0
package/{core/com → com}/sql/config.tpl.json +13 -9
package/com/sql/drive.js +1259 -0
package/com/sql/index.js +150 -0
package/com/sql/script.tpl.js +47 -0
package/com/static/com.json +5 -0
package/{core/com → com}/static/config.tpl.json +10 -6
package/com/static/drive.js +194 -0
package/com/static/index.js +226 -0
package/com/static/script.tpl.js +28 -0
package/com/task/com.json +5 -0
package/{core/com → com}/task/config.tpl.json +4 -6
package/com/task/drive.js +405 -0
package/com/task/index.js +148 -0
package/com/task/script.tpl.js +37 -0
package/com/template/com.json +5 -0
package/com/template/config.tpl.json +16 -0
package/com/template/drive.js +80 -0
package/com/template/index.js +141 -0
package/com.js +156 -0
package/common/README.md +2 -0
package/common/handler/msg/handler.json +22 -0
package/common/handler/msg/index.js +23 -0
package/common/handler/player/handler.json +22 -0
package/common/handler/player/index.js +287 -0
package/common/handler/user/handler.json +22 -0
package/common/handler/user/index.js +23 -0
package/common/middleware/web_after/index.js +29 -0
package/common/middleware/web_after/middleware.json +9 -0
package/common/middleware/web_base/index.js +113 -0
package/common/middleware/web_base/middleware.json +19 -0
package/common/middleware/web_before/index.js +33 -0
package/common/middleware/web_before/middleware.json +9 -0
package/common/middleware/web_cors/index.js +87 -0
package/common/middleware/web_cors/middleware.json +24 -0
package/common/middleware/web_error/index.js +119 -0
package/common/middleware/web_error/middleware.json +18 -0
package/common/middleware/web_ip/index.js +15 -0
package/common/middleware/web_ip/middleware.json +14 -0
package/common/middleware/web_logger/index.js +156 -0
package/common/middleware/web_logger/middleware.json +14 -0
package/common/middleware/web_main/index.js +24 -0
package/common/middleware/web_main/middleware.json +9 -0
package/common/middleware/web_static/index.js +73 -0
package/common/middleware/web_static/middleware.json +54 -0
package/common/middleware/web_waf/index.js +385 -0
package/common/middleware/web_waf/middleware.json +13 -0
package/common/model/msg/index.js +88 -0
package/common/model/msg/model.json +401 -0
package/common/model/player/index.js +63 -0
package/common/model/player/model.json +185 -0
package/common/model/user/index.js +11 -0
package/common/model/user/model.json +219 -0
package/core/app/config.tpl.json +67 -0
package/core/app/index.js +632 -0
package/core/app/script.tpl.js +52 -0
package/core/channel/index.js +899 -0
package/core/channel/matcher.js +585 -0
package/core/com/config.tpl.json +16 -0
package/core/com/index.js +74 -0
package/core/com/script.tpl.js +5 -0
package/core/component/component.js +42 -0
package/core/component/config.tpl.json +63 -0
package/core/component/index.js +273 -0
package/core/component/script.tpl.js +19 -0
package/core/controller/config.tpl.json +14 -0
package/core/controller/index.js +373 -0
package/core/controller/script.tpl.js +27 -0
package/core/factory/config.tpl.json +14 -0
package/core/factory/entity.js +275 -0
package/core/factory/index.js +241 -0
package/core/factory/script.tpl.js +16 -0
package/core/game/bat/index.js +137 -0
package/core/game/bat/world.js +622 -0
package/core/game/config.tpl.json +16 -0
package/core/game/entity_admin.js +230 -0
package/core/game/index.js +186 -0
package/core/handler/config.tpl.json +22 -0
package/core/handler/index.js +181 -0
package/core/handler/script.tpl.js +23 -0
package/core/logic/config.tpl.json +14 -0
package/core/logic/index.js +59 -0
package/core/logic/script.tpl.js +19 -0
package/core/middleware/config.tpl.json +16 -0
package/core/middleware/index.js +125 -0
package/core/middleware/script.tpl.js +37 -0
package/core/mod/config.tpl.json +22 -0
package/core/mod/index.js +130 -0
package/core/mod/script.tpl.js +34 -0
package/core/model/config.tpl.json +219 -0
package/core/model/index.js +272 -0
package/core/model/model.js +27 -0
package/core/model/script.tpl.js +20 -0
package/core/notifier/config.tpl.json +14 -0
package/core/notifier/index.js +77 -0
package/core/notifier/script.tpl.js +20 -0
package/core/plugin/config.tpl.json +24 -0
package/core/plugin/index.js +232 -0
package/core/plugin/script.tpl.js +51 -0
package/core/pusher/config.tpl.json +14 -0
package/core/pusher/index.js +161 -0
package/core/pusher/script.tpl.js +20 -0
package/core/room/bat/index.js +170 -0
package/core/room/bat/room.js +524 -0
package/core/room/config.tpl.json +20 -0
package/core/room/index.js +249 -0
package/core/room/room.js +61 -0
package/core/scene/config.tpl.json +14 -0
package/core/scene/index.js +466 -0
package/core/scene/loop.js +1255 -0
package/core/scene/map.js +28 -0
package/core/scene/script.tpl.js +22 -0
package/core/sender/config.tpl.json +14 -0
package/core/sender/index.js +79 -0
package/core/sender/script.tpl.js +20 -0
package/core/service/config.tpl.json +14 -0
package/core/service/index.js +100 -0
package/core/service/script.tpl.js +25 -0
package/core/store/config.tpl.json +26 -0
package/core/store/index.js +1755 -0
package/core/store/script.tpl.js +22 -0
package/core/store/sql.js +1464 -0
package/core/system/config.tpl.json +18 -0
package/core/system/index.js +312 -0
package/core/system/script.tpl.js +77 -0
package/core/view/config.tpl.json +14 -0
package/core/view/index.js +91 -0
package/core/view/script.tpl.js +20 -0
package/core/zone/bat/index.js +725 -0
package/core/zone/config.tpl.json +54 -0
package/core/zone/index.js +614 -0
package/core/zone/script.tpl.js +10 -0
package/core/zone/zone_bat.js +136 -0
package/core//345/237/272/347/261/273/346/250/241/345/235/227/346/270/205/345/215/225.md +24 -0
package/index.js +17 -333
package/os.js +57 -0
package/package.json +58 -58
package/server.js +598 -0
package/README.en.md +0 -36
package/conf.json +0 -3
package/core/base/mqtt/index.js +0 -1110
package/core/base/mqtt/lib.js +0 -40
package/core/base/web/index.js +0 -245
package/core/com/api/com.json +0 -4
package/core/com/api/drive.js +0 -668
package/core/com/api/index.js +0 -108
package/core/com/api/oauth.js +0 -158
package/core/com/api/script.js +0 -32
package/core/com/app/README.md +0 -3
package/core/com/app/com.json +0 -4
package/core/com/app/config.tpl.json +0 -16
package/core/com/app/drive.js +0 -309
package/core/com/app/index.js +0 -211
package/core/com/app/script.js +0 -155
package/core/com/cmd/com.json +0 -4
package/core/com/cmd/config.tpl.json +0 -66
package/core/com/cmd/drive.js +0 -513
package/core/com/cmd/index.js +0 -354
package/core/com/cmd/old/5w2h.js +0 -54
package/core/com/cmd/old/drive.js +0 -423
package/core/com/cmd/script.js +0 -11
package/core/com/component/README.md +0 -3
package/core/com/component/com.json +0 -4
package/core/com/component/component.html +0 -16
package/core/com/component/drive.js +0 -197
package/core/com/component/index.js +0 -312
package/core/com/component/script.js +0 -18
package/core/com/db/com.json +0 -4
package/core/com/db/drive.js +0 -1160
package/core/com/db/index.js +0 -176
package/core/com/event/com.json +0 -4
package/core/com/event/drive.js +0 -133
package/core/com/event/index.js +0 -345
package/core/com/event/script.js +0 -26
package/core/com/eventer/com.js +0 -477
package/core/com/eventer/com.json +0 -4
package/core/com/middleware/com.js +0 -154
package/core/com/middleware/com.json +0 -4
package/core/com/middleware/config.tpl.json +0 -8
package/core/com/middleware/script.js +0 -9
package/core/com/mqtt/com.json +0 -4
package/core/com/mqtt/drive.js +0 -600
package/core/com/mqtt/index.js +0 -572
package/core/com/mqtt/mm_mqtt.js +0 -330
package/core/com/mqtt/script.js +0 -604
package/core/com/msg/com.js +0 -296
package/core/com/msg/com.json +0 -4
package/core/com/nav/com.json +0 -4
package/core/com/nav/config.tpl.json +0 -75
package/core/com/nav/drive.js +0 -549
package/core/com/nav/index.js +0 -182
package/core/com/nav/tpl/admin_pc/page_form.vue +0 -180
package/core/com/nav/tpl/admin_pc/page_view.vue +0 -124
package/core/com/nav/tpl/dev_pc/page_default.vue +0 -247
package/core/com/nav/tpl/dev_pc/page_type.vue +0 -313
package/core/com/nav/tpl/home_pc/page_default.vue +0 -234
package/core/com/nav/tpl/home_pc/page_form.vue +0 -137
package/core/com/nav/tpl/home_pc/page_list.vue +0 -234
package/core/com/nav/tpl/home_pc/page_nav.vue +0 -221
package/core/com/nav/tpl/home_pc/page_type.vue +0 -234
package/core/com/nav/tpl/home_pc/page_view.vue +0 -125
package/core/com/nav/tpl/home_phone/page_channel.vue +0 -234
package/core/com/nav/tpl/home_phone/page_default.vue +0 -234
package/core/com/nav/tpl/home_phone/page_form.vue +0 -137
package/core/com/nav/tpl/home_phone/page_nav.vue +0 -237
package/core/com/nav/tpl/home_phone/page_type.vue +0 -234
package/core/com/nav/tpl/home_phone/page_view.vue +0 -125
package/core/com/nav/viewmodel.js +0 -296
package/core/com/param/drive.js +0 -366
package/core/com/param/index.js +0 -80
package/core/com/param/script.js +0 -12
package/core/com/param/test.js +0 -98
package/core/com/plugin/README.md +0 -3
package/core/com/plugin/com.json +0 -4
package/core/com/plugin/config.tpl.json +0 -26
package/core/com/plugin/drive.js +0 -536
package/core/com/plugin/index.js +0 -259
package/core/com/plugin/script.js +0 -213
package/core/com/rpc/com.json +0 -4
package/core/com/rpc/drive.js +0 -160
package/core/com/rpc/index.js +0 -87
package/core/com/rpc/rpc.js +0 -118
package/core/com/socket/com.json +0 -4
package/core/com/socket/config.tpl.json +0 -14
package/core/com/socket/drive.js +0 -403
package/core/com/socket/index.js +0 -62
package/core/com/socket/script.js +0 -42
package/core/com/sql/drive.js +0 -1087
package/core/com/sql/index.js +0 -83
package/core/com/sql/script.js +0 -48
package/core/com/static/com.json +0 -4
package/core/com/static/drive.js +0 -220
package/core/com/static/index.js +0 -149
package/core/com/static/script.js +0 -28
package/core/com/task/com.json +0 -4
package/core/com/task/drive.js +0 -403
package/core/com/task/index.js +0 -110
package/core/com/task/script.js +0 -37
package/core/com/timer/com.js +0 -217
package/core/com/timer/com.json +0 -4
package/core/com/tpl/com.js +0 -19
package/core/com/tpl/com.json +0 -4
package/lib/actions.js +0 -50
package/lib/base.js +0 -361
package/lib/com.js +0 -29
package/lib/ref.js +0 -121
package/middleware/cors/index.js +0 -119
package/middleware/cors/middleware.json +0 -20
package/middleware/csrf/index.js +0 -202
package/middleware/csrf/middleware.json +0 -24
package/middleware/ip_firewall/index.js +0 -476
package/middleware/ip_firewall/middleware.json +0 -109
package/middleware/mqtt_base/index.js +0 -10
package/middleware/mqtt_base/middleware.json +0 -11
package/middleware/security_audit/index.js +0 -543
package/middleware/security_audit/middleware.json +0 -48
package/middleware/waf/index.js +0 -343
package/middleware/waf/middleware.json +0 -10
package/middleware/waf_ddos/index.js +0 -520
package/middleware/waf_ddos/middleware.json +0 -38
package/middleware/waf_xss/index.js +0 -269
package/middleware/waf_xss/middleware.json +0 -18
package/middleware/web_after/index.js +0 -33
package/middleware/web_after/middleware.json +0 -10
package/middleware/web_base/index.js +0 -90
package/middleware/web_base/middleware.json +0 -10
package/middleware/web_before/index.js +0 -27
package/middleware/web_before/middleware.json +0 -10
package/middleware/web_check/index.js +0 -28
package/middleware/web_check/middleware.json +0 -10
package/middleware/web_main/index.js +0 -28
package/middleware/web_main/middleware.json +0 -10
package/middleware/web_proxy/index.js +0 -37
package/middleware/web_proxy/middleware.json +0 -10
package/middleware/web_render/index.js +0 -87
package/middleware/web_render/middleware.json +0 -10
package/middleware/web_socket/index.js +0 -34
package/middleware/web_socket/middleware.json +0 -10
package/middleware/web_static/index.js +0 -115
package/middleware/web_static/middleware.json +0 -10
/package/{core/com → com}/api/README.md +0 -0
/package/{core/com → com}/db/README.md +0 -0
/package/{core/com → com}/mqtt/README.md +0 -0
/package/{core/com → com}/nav/README.md +0 -0
/package/{core/com → com}/nav/tpl/admin_pc/page_channel.vue +0 -0
/package/{core/com → com}/nav/tpl/admin_pc/page_default.vue +0 -0
/package/{core/com → com}/nav/tpl/admin_pc/page_lang.vue +0 -0
/package/{core/com → com}/nav/tpl/admin_pc/page_nav.vue +0 -0
/package/{core/com → com}/nav/tpl/admin_pc/page_table.vue +0 -0
/package/{core/com → com}/nav/tpl/admin_pc/page_type.vue +0 -0
/package/{core/com → com}/nav/tpl/dev_pc/page_channel.vue +0 -0
/package/{core/com → com}/nav/tpl/dev_pc/page_config.vue +0 -0
/package/{core/com → com}/nav/tpl/dev_pc/page_form.vue +0 -0
/package/{core/com → com}/nav/tpl/dev_pc/page_nav.vue +0 -0
/package/{core/com → com}/nav/tpl/dev_pc/page_table.vue +0 -0
/package/{core/com → com}/nav/tpl/home_pc/page_channel.vue +0 -0
/package/{core/com → com}/nav/tpl/home_phone/page_list.vue +0 -0
/package/{core/com → com}/param/README.md +0 -0
/package/{core/com/cmd → com/pendant}/README.md +0 -0
/package/{core/com → com}/socket/README.md +0 -0
/package/{core/com → com}/sql/README.md +0 -0
/package/{core/com → com}/static/README.md +0 -0
/package/{core/com → com}/task/README.md +0 -0

package/middleware/waf/index.js DELETED Viewed

@@ -1,343 +0,0 @@
-/**
- * 使用正则表达式，检测字符串是否含有攻击特征，检测到攻击特征返回true，没检测到返回false
- * @param {String} url 网址
- */
-function waf_check(url) {
-	// 基本防御
-	var rule = [
-		/select.+(from|limit)/i,
-		/(?:(union(.*?)select))/i,
-		/sleep\((\s*)(\d*)(\s*)\)/i,
-		/group\s+by.+\(/i,
-		/(?:from\W+information_schema\W)/i,
-		/(?:(?:current_)user|database|schema|connection_id)\s*\(/i,
-		/\s*or\s+.*=.*/i,
-		/order\s+by\s+.*--$/i,
-		/benchmark\((.*)\,(.*)\)/i,
-		/base64_decode\(/i,
-		/(?:(?:current_)user|database|version|schema|connection_id)\s*\(/i,
-		/(?:etc\/\W*passwd)/i,
-		/into(\s+)+(?:dump|out)file\s*/i,
-		/xwork.MethodAccessor/i,
-		/(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\(/i,
-		/\<(iframe|script|body|img|layer|div|meta|style|base|object|input)/i,
-		/(onmouseover|onmousemove|onerror|onload)\=/i,
-		/javascript:/i,
-		// 增强的路径遍历检测规则
-		/\.\.\//i,              // 基础 ../
-		/\.\.\\/i,             // Windows格式 ..\
-		/\%2e\%2e\//i,          // URL编码 ../
-		/\%2e%2e\//i,           // URL编码 ../
-		/\%252e%252e%2f/i,       // 双重URL编码 ../
-		/\%252e\%252e\%2f/i,    // 双重URL编码 ../
-		/\.\%2e\//i,           // 混合编码
-		/\%2e\./i,              // 变体形式
-		/\%5c/i,                 // 反斜杠URL编码
-		/\%255c/i,               // 反斜杠双重URL编码
-		// 系统文件路径检测
-		/(?:\/etc|\/proc|\/sys|\/dev|C:\\Windows|C:\\winnt|C:\\Program Files)/i,
-		// 命令注入检测
-		/\|\|.*(?:ls|pwd|whoami|ll|ifconfog|ipconfig|&&|chmod|cd|mkdir|rmdir|cp|mv)/i,
-		/(?:ls|pwd|whoami|ll|ifconfog|ipconfig|&&|chmod|cd|mkdir|rmdir|cp|mv).*\|\|/i,
-		/(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\:\//i
-	];
-	for (var i = 0; i < rule.length; i++) {
-		if (rule[i].test(url) == true) {
-			return rule[i];
-		}
-	}
-	return null;
-}
-/**
- * 检查路径是否包含路径遍历攻击
- * @param {String} path 路径
- * @returns {Boolean} 是否包含路径遍历
- */
-function checkPathTraversal(path) {
-	// 规范化路径以处理各种编码
-	let normalizedPath = path;
-	// 处理URL编码变体
-	const urlDecoded = decodeURIComponent(path);
-	const doubleUrlDecoded = decodeURIComponent(urlDecoded);
-	// 检查路径是否包含危险模式
-	const dangerousPatterns = [
-		'../', '../../', '../../../', // Unix/Linux格式
-		'..\\', '..\\\\', '..\\\\\\', // Windows格式
-		'/%2e%2e/', '/%2e%2e%2f', // URL编码变体
-		'\\%2e%2e\\', '\\%2e%2e\\\\' // Windows URL编码变体
-	];
-	// 检查系统关键文件路径（绝对路径攻击）
-	const systemPaths = [
-		'/etc/passwd', '/etc/shadow', '/etc/group', '/etc/hosts',
-		'/proc/', '/sys/', '/dev/', '/bin/', '/usr/bin/',
-		'C:\\Windows\\', 'C:\\winnt\\', 'C:\\Program Files\\'
-	];
-	// 检查原始路径、单次解码和双重解码后的路径
-	// 1. 检查相对路径遍历模式
-	const hasTraversalPattern = dangerousPatterns.some(pattern =>
-		path.includes(pattern) ||
-		urlDecoded.includes(pattern) ||
-		doubleUrlDecoded.includes(pattern)
-	);
-	// 2. 检查绝对路径攻击（包含系统关键文件路径）
-	const hasAbsoluteAttack = systemPaths.some(systemPath =>
-		path.toLowerCase().includes(systemPath.toLowerCase()) ||
-		urlDecoded.toLowerCase().includes(systemPath.toLowerCase()) ||
-		doubleUrlDecoded.toLowerCase().includes(systemPath.toLowerCase())
-	);
-	// 3. 检查是否以/开头的绝对路径（排除正常的网站路径）
-	const startsWithSlash = path.startsWith('/') &&
-		!path.startsWith('/api') &&
-		!path.startsWith('/static') &&
-		!path.startsWith('/public') &&
-		!path.startsWith('/assets') &&
-		!path.startsWith('/favicon.ico') &&
-		!path.startsWith('/robots.txt');
-	// 4. 检查是否包含敏感的系统文件扩展名
-	const hasSensitiveExtension = /\.(conf|ini|log|env|git|svn|htpasswd|htaccess|bashrc|bash_history|ssh|key|pem|cer|crt|pfx|p12)$/i.test(path) ||
-		/\.(conf|ini|log|env|git|svn|htpasswd|htaccess|bashrc|bash_history|ssh|key|pem|cer|crt|pfx|p12)$/i.test(urlDecoded) ||
-		/\.(conf|ini|log|env|git|svn|htpasswd|htaccess|bashrc|bash_history|ssh|key|pem|cer|crt|pfx|p12)$/i.test(doubleUrlDecoded);
-	return hasTraversalPattern || hasAbsoluteAttack || startsWithSlash || hasSensitiveExtension;
-}
-/**
- * 检查请求路径是否规范化，防止路径遍历攻击
- * @param {String} path 请求路径
- * @returns {Boolean} 是否为安全路径
- */
-function isSafePath(path) {
-	// 特殊处理根路径，直接返回安全
-	if (path === '/') {
-		return true;
-	}
-	// 获取规范化的路径
-	const normalizedPath = path.split('/')
-		.filter(segment => segment !== '')
-		.reduce((acc, segment) => {
-			// 防止路径回溯
-			if (segment === '..') {
-				acc.pop();
-			} else if (segment !== '.') {
-				acc.push(segment);
-			}
-			return acc;
-		}, [])
-		.join('/');
-	// 重新构建规范化的完整路径
-	const safePath = '/' + normalizedPath;
-	// 检查规范化后的路径长度是否小于原始路径（表示存在路径回溯）
-	return safePath.length >= path.length - 2; // 允许末尾的 '/' 差异
-}
-function getClientIP(req) {
-	return req.headers['x-forwarded-for'] || req.headers['X-Forwarded-For'] ||
-		req.connection.remoteAddress ||
-		req.socket.remoteAddress ||
-		req.connection.socket.remoteAddress;
-};
-/**
- * 检查IP是否在白名单中
- * @param {String} ip IP地址
- * @param {Object} config WAF配置
- * @returns {Boolean} 是否在白名单中
- */
-function isInWhitelist(ip, config) {
-	// 优先使用全局IP管理器
-	try {
-		var { is_ip_in_whitelist } = require('../../tools/ip_manager/ip.manager.global.js');
-		if (is_ip_in_whitelist(ip)) {
-			return true;
-		}
-	} catch (error) {
-		// 如果全局IP管理器不可用，使用本地配置
-		$.log.warn('全局IP管理器不可用，使用本地WAF白名单配置');
-	}
-	// 使用本地配置作为备用
-	const whitelist = config && config.ip_whitelist && Array.isArray(config.ip_whitelist)
-		? config.ip_whitelist
-		: ['127.0.0.1', '::1', 'localhost'];
-	return whitelist.includes(ip);
-}
-/**
- * 检查路径是否在白名单中
- * @param {String} path 请求路径
- * @param {Object} config WAF配置
- * @returns {Boolean} 是否在白名单中
- */
-function isPathWhitelisted(path, config) {
-	// 获取配置中的路径白名单，如果不存在则使用默认路径白名单
-	const pathWhitelist = config && config.path_whitelist && Array.isArray(config.path_whitelist)
-		? config.path_whitelist
-		: ['/static', '/favicon.ico', '/api', '/public', '/assets'];
-	// 检查路径是否以白名单中的任何路径开头
-	return pathWhitelist.some(whitelistPath => path.startsWith(whitelistPath));
-}
-/**
- * web防火墙
- * @param {Object} server 服务
- * @param {Object} config 配置参数
- */
-module.exports = function(server, config) {
-	// 设置默认配置
-	const defaultConfig = {
-		log: true,
-		ip_whitelist: ['127.0.0.1', '::1', 'localhost'],
-		path_whitelist: ['/static', '/favicon.ico', '/api', '/public', '/assets']
-	};
-	// WAF中间件已初始化
-	// 获取全局配置中的middleware.waf配置
-	let wafConfig = defaultConfig;
-	try {
-		// 尝试从全局配置中获取middleware.waf配置
-		const fs = require('fs');
-		const path = require('path');
-		const configPath = path.resolve(process.cwd(), 'config.json');
-		if (fs.existsSync(configPath)) {
-			const globalConfig = JSON.parse(fs.readFileSync(configPath, 'utf8'));
-			if (globalConfig.middleware && globalConfig.middleware.waf) {
-				// 安全地合并默认配置和全局配置
-				wafConfig = Object.assign({}, defaultConfig, globalConfig.middleware.waf);
-				// WAF使用config.json中的全局配置
-			} else {
-				// WAF使用默认配置（config.json中无middleware.waf配置）
-			}
-		}
-	} catch (error) {
-		// 全局WAF配置加载错误已通过日志系统记录
-		// 出错时使用默认配置
-		wafConfig = defaultConfig;
-	}
-	// 确保白名单数组存在且为数组类型
-	if (!Array.isArray(wafConfig.ip_whitelist)) {
-		wafConfig.ip_whitelist = defaultConfig.ip_whitelist;
-	}
-	if (!Array.isArray(wafConfig.path_whitelist)) {
-		wafConfig.path_whitelist = defaultConfig.path_whitelist;
-	}
-	// 合并传入的config和全局配置
-	const mergedConfig = { ...wafConfig, ...(config || {}) };
-	// 合并后的WAF配置已生效
-	/* WAF（web防火墙） */
-	server.use(async (ctx, next) => {
-		try {
-			// 获取客户端IP
-			var ip = getClientIP(ctx.req);
-			// 规范化IP格式，移除IPv6前缀
-			if (ip && ip.startsWith('::ffff:')) {
-				ip = ip.substring(7);
-			}
-			// 获取请求路径
-			const path = ctx.path;
-			// WAF正在处理请求
-			// 检查IP是否在白名单中，如果是则跳过所有检查
-			if (isInWhitelist(ip, mergedConfig)) {
-				// IP在白名单中，跳过安全检查
-				await next();
-				return;
-			}
-			// 检查路径是否在白名单中
-			if (isPathWhitelisted(path, mergedConfig)) {
-				// 路径在白名单中，跳过安全检查
-				await next();
-				return;
-			}
-			// 获取请求路径和完整URL
-			var url = ctx.url;
-			// 1. 使用正则表达式检查基本攻击特征
-			var danger = waf_check(url);
-			if (danger) {
-				// 检测到攻击请求，已阻止
-				ctx.status = 403;
-				ctx.body = {
-					code: 403,
-					msg: '访问被WAF阻止，请求包含潜在的攻击特征',
-					rule: danger.toString()
-				};
-				return;
-			}
-			// 2. 专门检查路径遍历攻击
-			const hasTraversal = checkPathTraversal(path);
-			const isSafe = isSafePath(path);
-			if (hasTraversal || !isSafe) {
-				// 检测到路径遍历攻击，已阻止
-				ctx.status = 403;
-				ctx.body = {
-					code: 403,
-					msg: '访问被WAF阻止，检测到路径遍历攻击尝试'
-				};
-				return;
-			}
-			// 3. 检查请求参数中的路径遍历
-			const queryParams = ctx.query;
-			for (const [key, value] of Object.entries(queryParams)) {
-				if (typeof value === 'string') {
-					const paramHasTraversal = checkPathTraversal(value);
-					if (paramHasTraversal) {
-						// 检测到请求参数中的路径遍历攻击，已阻止
-						ctx.status = 403;
-						ctx.body = {
-							code: 403,
-							msg: '访问被WAF阻止，请求参数中包含路径遍历攻击尝试'
-						};
-						return;
-					}
-				}
-			}
-			// 4. 如果是POST请求，检查请求体
-			if (ctx.method === 'POST' && ctx.request.body) {
-				const bodyContent = JSON.stringify(ctx.request.body);
-				const bodyHasTraversal = checkPathTraversal(bodyContent);
-				if (bodyHasTraversal) {
-					// 检测到请求体中的路径遍历攻击，已阻止
-					ctx.status = 403;
-					ctx.body = {
-						code: 403,
-						msg: '访问被WAF阻止，请求体中包含路径遍历攻击尝试'
-					};
-					return;
-				}
-			}
-			// 所有检查通过，继续处理请求
-			await next();
-		} catch (error) {
-			// WAF中间件错误已通过日志系统记录
-			// 出错时默认允许请求继续处理
-			await next();
-		}
-	});
-	return server;
-};

package/middleware/waf/middleware.json DELETED Viewed

@@ -1,10 +0,0 @@
-{
-	"name": "web_waf",
-	"title": "web防火墙",
-	"description": "用于防止sql注入、脚本注入等",
-	"version": "1.0",
-	"type": "web",
-	"process_type": "common_before",
-	"sort": 20,
-	"state": 1
-}