npm - mm_os - Versions diffs - 3.3.1 → 4.0.1 - Mend

mm_os 3.3.1 → 4.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (380) hide show

package/LICENSE +21 -201
package/README.md +498 -99
package/README_EN.md +505 -0
package/adapter/adapter.js +431 -0
package/adapter/custom_persistence.js +660 -0
package/adapter/mqtt.js +273 -0
package/adapter/socket.js +113 -0
package/adapter/web.js +67 -0
package/adapter/websocket.js +146 -0
package/com/api/com.json +5 -0
package/{core/com → com}/api/config.tpl.json +8 -8
package/com/api/drive.js +708 -0
package/com/api/index.js +198 -0
package/com/api/oauth.js +200 -0
package/com/api/script.tpl.js +32 -0
package/com/cmd/README.md +11 -0
package/com/cmd/com.json +5 -0
package/com/cmd/config.tpl.json +122 -0
package/com/cmd/drive.js +1548 -0
package/com/cmd/index.js +1066 -0
package/com/cmd/msg.json +48 -0
package/com/cmd/nlp.js +525 -0
package/com/cmd/script.tpl.js +32 -0
package/com/db/com.json +5 -0
package/com/db/drive.js +1999 -0
package/com/db/index.js +242 -0
package/{core/com → com}/event/README.md +4 -4
package/com/event/com.json +5 -0
package/{core/com → com}/event/config.tpl.json +18 -18
package/com/event/drive.js +59 -0
package/com/event/index.js +409 -0
package/com/event/script.tpl.js +23 -0
package/com/mqtt/com.json +5 -0
package/{core/com → com}/mqtt/config.tpl.json +3 -5
package/com/mqtt/drive.js +676 -0
package/com/mqtt/index.js +822 -0
package/com/mqtt/mm_mqtt.js +425 -0
package/com/mqtt/script.tpl.js +723 -0
package/com/nav/com.json +5 -0
package/com/nav/config.tpl.json +84 -0
package/com/nav/drive.js +702 -0
package/com/nav/index.js +231 -0
package/{core/com → com}/nav/tpl/admin_pc/page_config.vue +280 -280
package/{core/com → com}/nav/tpl/admin_pc/page_config_form.vue +194 -194
package/com/nav/tpl/admin_pc/page_form.vue +180 -0
package/com/nav/tpl/admin_pc/page_view.vue +124 -0
package/com/nav/tpl/dev_pc/page_default.vue +247 -0
package/com/nav/tpl/dev_pc/page_type.vue +313 -0
package/com/nav/tpl/home_pc/page_default.vue +234 -0
package/com/nav/tpl/home_pc/page_form.vue +137 -0
package/com/nav/tpl/home_pc/page_list.vue +234 -0
package/com/nav/tpl/home_pc/page_nav.vue +221 -0
package/com/nav/tpl/home_pc/page_type.vue +234 -0
package/com/nav/tpl/home_pc/page_view.vue +125 -0
package/com/nav/tpl/home_phone/page_channel.vue +234 -0
package/com/nav/tpl/home_phone/page_default.vue +234 -0
package/com/nav/tpl/home_phone/page_form.vue +137 -0
package/com/nav/tpl/home_phone/page_nav.vue +237 -0
package/com/nav/tpl/home_phone/page_type.vue +234 -0
package/com/nav/tpl/home_phone/page_view.vue +125 -0
package/com/nav/viewmodel.js +446 -0
package/com/param/com.json +5 -0
package/{core/com → com}/param/config.tpl.json +7 -1
package/com/param/drive.js +502 -0
package/com/param/index.js +155 -0
package/com/param/script.tpl.js +12 -0
package/com/pendant/com.json +5 -0
package/{core/com/component → com/pendant}/config.tpl.json +15 -13
package/com/pendant/drive.js +204 -0
package/com/pendant/index.js +441 -0
package/com/pendant/pendant.html +16 -0
package/com/pendant/script.tpl.js +18 -0
package/com/socket/com.json +5 -0
package/com/socket/config.tpl.json +12 -0
package/com/socket/drive.js +651 -0
package/com/socket/index.js +351 -0
package/com/socket/script.tpl.js +41 -0
package/com/sql/com.json +5 -0
package/{core/com → com}/sql/config.tpl.json +13 -9
package/com/sql/drive.js +1259 -0
package/com/sql/index.js +150 -0
package/com/sql/script.tpl.js +47 -0
package/com/static/com.json +5 -0
package/{core/com → com}/static/config.tpl.json +10 -6
package/com/static/drive.js +194 -0
package/com/static/index.js +226 -0
package/com/static/script.tpl.js +28 -0
package/com/task/com.json +5 -0
package/{core/com → com}/task/config.tpl.json +4 -6
package/com/task/drive.js +405 -0
package/com/task/index.js +148 -0
package/com/task/script.tpl.js +37 -0
package/com/template/com.json +5 -0
package/com/template/config.tpl.json +16 -0
package/com/template/drive.js +80 -0
package/com/template/index.js +141 -0
package/com.js +156 -0
package/common/README.md +2 -0
package/common/handler/msg/handler.json +22 -0
package/common/handler/msg/index.js +23 -0
package/common/handler/player/handler.json +22 -0
package/common/handler/player/index.js +287 -0
package/common/handler/user/handler.json +22 -0
package/common/handler/user/index.js +23 -0
package/common/middleware/web_after/index.js +29 -0
package/common/middleware/web_after/middleware.json +9 -0
package/common/middleware/web_base/index.js +113 -0
package/common/middleware/web_base/middleware.json +19 -0
package/common/middleware/web_before/index.js +33 -0
package/common/middleware/web_before/middleware.json +9 -0
package/common/middleware/web_cors/index.js +87 -0
package/common/middleware/web_cors/middleware.json +24 -0
package/common/middleware/web_error/index.js +119 -0
package/common/middleware/web_error/middleware.json +18 -0
package/common/middleware/web_ip/index.js +15 -0
package/common/middleware/web_ip/middleware.json +14 -0
package/common/middleware/web_logger/index.js +156 -0
package/common/middleware/web_logger/middleware.json +14 -0
package/common/middleware/web_main/index.js +24 -0
package/common/middleware/web_main/middleware.json +9 -0
package/common/middleware/web_static/index.js +73 -0
package/common/middleware/web_static/middleware.json +54 -0
package/common/middleware/web_waf/index.js +385 -0
package/common/middleware/web_waf/middleware.json +13 -0
package/common/model/msg/index.js +88 -0
package/common/model/msg/model.json +401 -0
package/common/model/player/index.js +63 -0
package/common/model/player/model.json +185 -0
package/common/model/user/index.js +11 -0
package/common/model/user/model.json +219 -0
package/core/app/config.tpl.json +67 -0
package/core/app/index.js +632 -0
package/core/app/script.tpl.js +52 -0
package/core/channel/index.js +899 -0
package/core/channel/matcher.js +585 -0
package/core/com/config.tpl.json +16 -0
package/core/com/index.js +74 -0
package/core/com/script.tpl.js +5 -0
package/core/component/component.js +42 -0
package/core/component/config.tpl.json +63 -0
package/core/component/index.js +273 -0
package/core/component/script.tpl.js +19 -0
package/core/controller/config.tpl.json +14 -0
package/core/controller/index.js +373 -0
package/core/controller/script.tpl.js +27 -0
package/core/factory/config.tpl.json +14 -0
package/core/factory/entity.js +275 -0
package/core/factory/index.js +241 -0
package/core/factory/script.tpl.js +16 -0
package/core/game/bat/index.js +137 -0
package/core/game/bat/world.js +622 -0
package/core/game/config.tpl.json +16 -0
package/core/game/entity_admin.js +230 -0
package/core/game/index.js +186 -0
package/core/handler/config.tpl.json +22 -0
package/core/handler/index.js +181 -0
package/core/handler/script.tpl.js +23 -0
package/core/logic/config.tpl.json +14 -0
package/core/logic/index.js +59 -0
package/core/logic/script.tpl.js +19 -0
package/core/middleware/config.tpl.json +16 -0
package/core/middleware/index.js +125 -0
package/core/middleware/script.tpl.js +37 -0
package/core/mod/config.tpl.json +22 -0
package/core/mod/index.js +130 -0
package/core/mod/script.tpl.js +34 -0
package/core/model/config.tpl.json +219 -0
package/core/model/index.js +272 -0
package/core/model/model.js +27 -0
package/core/model/script.tpl.js +20 -0
package/core/notifier/config.tpl.json +14 -0
package/core/notifier/index.js +77 -0
package/core/notifier/script.tpl.js +20 -0
package/core/plugin/config.tpl.json +24 -0
package/core/plugin/index.js +232 -0
package/core/plugin/script.tpl.js +51 -0
package/core/pusher/config.tpl.json +14 -0
package/core/pusher/index.js +161 -0
package/core/pusher/script.tpl.js +20 -0
package/core/room/bat/index.js +170 -0
package/core/room/bat/room.js +524 -0
package/core/room/config.tpl.json +20 -0
package/core/room/index.js +249 -0
package/core/room/room.js +61 -0
package/core/scene/config.tpl.json +14 -0
package/core/scene/index.js +466 -0
package/core/scene/loop.js +1255 -0
package/core/scene/map.js +28 -0
package/core/scene/script.tpl.js +22 -0
package/core/sender/config.tpl.json +14 -0
package/core/sender/index.js +79 -0
package/core/sender/script.tpl.js +20 -0
package/core/service/config.tpl.json +14 -0
package/core/service/index.js +100 -0
package/core/service/script.tpl.js +25 -0
package/core/store/config.tpl.json +26 -0
package/core/store/index.js +1755 -0
package/core/store/script.tpl.js +22 -0
package/core/store/sql.js +1464 -0
package/core/system/config.tpl.json +18 -0
package/core/system/index.js +312 -0
package/core/system/script.tpl.js +77 -0
package/core/view/config.tpl.json +14 -0
package/core/view/index.js +91 -0
package/core/view/script.tpl.js +20 -0
package/core/zone/bat/index.js +725 -0
package/core/zone/config.tpl.json +54 -0
package/core/zone/index.js +614 -0
package/core/zone/script.tpl.js +10 -0
package/core/zone/zone_bat.js +136 -0
package/core//345/237/272/347/261/273/346/250/241/345/235/227/346/270/205/345/215/225.md +24 -0
package/index.js +17 -333
package/os.js +57 -0
package/package.json +65 -55
package/server.js +598 -0
package/README.en.md +0 -36
package/conf.json +0 -3
package/core/base/mqtt/index.js +0 -1110
package/core/base/mqtt/lib.js +0 -40
package/core/base/web/index.js +0 -245
package/core/com/api/com.json +0 -4
package/core/com/api/drive.js +0 -668
package/core/com/api/index.js +0 -108
package/core/com/api/oauth.js +0 -158
package/core/com/api/script.js +0 -32
package/core/com/app/README.md +0 -3
package/core/com/app/com.json +0 -4
package/core/com/app/config.tpl.json +0 -16
package/core/com/app/drive.js +0 -309
package/core/com/app/index.js +0 -211
package/core/com/app/script.js +0 -155
package/core/com/cmd/com.json +0 -4
package/core/com/cmd/config.tpl.json +0 -66
package/core/com/cmd/drive.js +0 -513
package/core/com/cmd/index.js +0 -354
package/core/com/cmd/old/5w2h.js +0 -54
package/core/com/cmd/old/drive.js +0 -423
package/core/com/cmd/script.js +0 -11
package/core/com/component/README.md +0 -3
package/core/com/component/com.json +0 -4
package/core/com/component/component.html +0 -16
package/core/com/component/drive.js +0 -197
package/core/com/component/index.js +0 -312
package/core/com/component/script.js +0 -18
package/core/com/db/com.json +0 -4
package/core/com/db/drive.js +0 -1160
package/core/com/db/index.js +0 -176
package/core/com/event/com.json +0 -4
package/core/com/event/drive.js +0 -133
package/core/com/event/index.js +0 -345
package/core/com/event/script.js +0 -26
package/core/com/eventer/com.js +0 -477
package/core/com/eventer/com.json +0 -4
package/core/com/middleware/com.js +0 -154
package/core/com/middleware/com.json +0 -4
package/core/com/middleware/config.tpl.json +0 -8
package/core/com/middleware/script.js +0 -9
package/core/com/mqtt/com.json +0 -4
package/core/com/mqtt/drive.js +0 -600
package/core/com/mqtt/index.js +0 -572
package/core/com/mqtt/mm_mqtt.js +0 -330
package/core/com/mqtt/script.js +0 -604
package/core/com/msg/com.js +0 -296
package/core/com/msg/com.json +0 -4
package/core/com/nav/com.json +0 -4
package/core/com/nav/config.tpl.json +0 -75
package/core/com/nav/drive.js +0 -549
package/core/com/nav/index.js +0 -182
package/core/com/nav/tpl/admin_pc/page_form.vue +0 -180
package/core/com/nav/tpl/admin_pc/page_view.vue +0 -124
package/core/com/nav/tpl/dev_pc/page_default.vue +0 -247
package/core/com/nav/tpl/dev_pc/page_type.vue +0 -313
package/core/com/nav/tpl/home_pc/page_default.vue +0 -234
package/core/com/nav/tpl/home_pc/page_form.vue +0 -137
package/core/com/nav/tpl/home_pc/page_list.vue +0 -234
package/core/com/nav/tpl/home_pc/page_nav.vue +0 -221
package/core/com/nav/tpl/home_pc/page_type.vue +0 -234
package/core/com/nav/tpl/home_pc/page_view.vue +0 -125
package/core/com/nav/tpl/home_phone/page_channel.vue +0 -234
package/core/com/nav/tpl/home_phone/page_default.vue +0 -234
package/core/com/nav/tpl/home_phone/page_form.vue +0 -137
package/core/com/nav/tpl/home_phone/page_nav.vue +0 -237
package/core/com/nav/tpl/home_phone/page_type.vue +0 -234
package/core/com/nav/tpl/home_phone/page_view.vue +0 -125
package/core/com/nav/viewmodel.js +0 -296
package/core/com/param/drive.js +0 -366
package/core/com/param/index.js +0 -80
package/core/com/param/script.js +0 -12
package/core/com/param/test.js +0 -98
package/core/com/plugin/README.md +0 -3
package/core/com/plugin/com.json +0 -4
package/core/com/plugin/config.tpl.json +0 -26
package/core/com/plugin/drive.js +0 -536
package/core/com/plugin/index.js +0 -259
package/core/com/plugin/script.js +0 -213
package/core/com/rpc/com.json +0 -4
package/core/com/rpc/drive.js +0 -160
package/core/com/rpc/index.js +0 -87
package/core/com/rpc/rpc.js +0 -118
package/core/com/socket/com.json +0 -4
package/core/com/socket/config.tpl.json +0 -14
package/core/com/socket/drive.js +0 -403
package/core/com/socket/index.js +0 -62
package/core/com/socket/script.js +0 -42
package/core/com/sql/drive.js +0 -1087
package/core/com/sql/index.js +0 -83
package/core/com/sql/script.js +0 -48
package/core/com/static/com.json +0 -4
package/core/com/static/drive.js +0 -220
package/core/com/static/index.js +0 -149
package/core/com/static/script.js +0 -28
package/core/com/task/com.json +0 -4
package/core/com/task/drive.js +0 -403
package/core/com/task/index.js +0 -110
package/core/com/task/script.js +0 -37
package/core/com/timer/com.js +0 -217
package/core/com/timer/com.json +0 -4
package/core/com/tpl/com.js +0 -19
package/core/com/tpl/com.json +0 -4
package/lib/actions.js +0 -50
package/lib/base.js +0 -361
package/lib/com.js +0 -29
package/lib/ref.js +0 -121
package/middleware/cors/index.js +0 -119
package/middleware/cors/middleware.json +0 -20
package/middleware/csrf/index.js +0 -202
package/middleware/csrf/middleware.json +0 -24
package/middleware/ip_firewall/index.js +0 -476
package/middleware/ip_firewall/middleware.json +0 -109
package/middleware/mqtt_base/index.js +0 -10
package/middleware/mqtt_base/middleware.json +0 -11
package/middleware/security_audit/index.js +0 -543
package/middleware/security_audit/middleware.json +0 -48
package/middleware/waf/index.js +0 -343
package/middleware/waf/middleware.json +0 -10
package/middleware/waf_ddos/index.js +0 -520
package/middleware/waf_ddos/middleware.json +0 -38
package/middleware/waf_xss/index.js +0 -269
package/middleware/waf_xss/middleware.json +0 -18
package/middleware/web_after/index.js +0 -33
package/middleware/web_after/middleware.json +0 -10
package/middleware/web_base/index.js +0 -90
package/middleware/web_base/middleware.json +0 -10
package/middleware/web_before/index.js +0 -27
package/middleware/web_before/middleware.json +0 -10
package/middleware/web_check/index.js +0 -28
package/middleware/web_check/middleware.json +0 -10
package/middleware/web_main/index.js +0 -28
package/middleware/web_main/middleware.json +0 -10
package/middleware/web_proxy/index.js +0 -37
package/middleware/web_proxy/middleware.json +0 -10
package/middleware/web_render/index.js +0 -87
package/middleware/web_render/middleware.json +0 -10
package/middleware/web_socket/index.js +0 -34
package/middleware/web_socket/middleware.json +0 -10
package/middleware/web_static/index.js +0 -115
package/middleware/web_static/middleware.json +0 -10
/package/{core/com → com}/api/README.md +0 -0
/package/{core/com → com}/db/README.md +0 -0
/package/{core/com → com}/mqtt/README.md +0 -0
/package/{core/com → com}/nav/README.md +0 -0
/package/{core/com → com}/nav/tpl/admin_pc/page_channel.vue +0 -0
/package/{core/com → com}/nav/tpl/admin_pc/page_default.vue +0 -0
/package/{core/com → com}/nav/tpl/admin_pc/page_lang.vue +0 -0
/package/{core/com → com}/nav/tpl/admin_pc/page_nav.vue +0 -0
/package/{core/com → com}/nav/tpl/admin_pc/page_table.vue +0 -0
/package/{core/com → com}/nav/tpl/admin_pc/page_type.vue +0 -0
/package/{core/com → com}/nav/tpl/dev_pc/page_channel.vue +0 -0
/package/{core/com → com}/nav/tpl/dev_pc/page_config.vue +0 -0
/package/{core/com → com}/nav/tpl/dev_pc/page_form.vue +0 -0
/package/{core/com → com}/nav/tpl/dev_pc/page_nav.vue +0 -0
/package/{core/com → com}/nav/tpl/dev_pc/page_table.vue +0 -0
/package/{core/com → com}/nav/tpl/home_pc/page_channel.vue +0 -0
/package/{core/com → com}/nav/tpl/home_phone/page_list.vue +0 -0
/package/{core/com → com}/param/README.md +0 -0
/package/{core/com/cmd → com/pendant}/README.md +0 -0
/package/{core/com → com}/socket/README.md +0 -0
/package/{core/com → com}/sql/README.md +0 -0
/package/{core/com → com}/static/README.md +0 -0
/package/{core/com → com}/task/README.md +0 -0

package/middleware/waf_xss/index.js DELETED Viewed

@@ -1,269 +0,0 @@
-const mm_expand = require('mm_expand');
-/**
- * XSS攻击防护中间件
- */
-class Middleware {
-    /**
-     * 构造函数
-     */
-    constructor() {
-        this.default = {
-            // 过滤模式: sanitize(清理) | encode(编码) | both(同时进行)
-            mode: 'both',
-            // 是否过滤URL参数
-            query: true,
-            // 是否过滤表单数据
-            body: true,
-            // 是否过滤Cookie
-            cookie: true,
-            // 白名单标签
-            allowedTags: ['p', 'span', 'b', 'i', 'u', 'strong', 'em', 'br'],
-            // 白名单属性
-            allowedAttributes: ['id', 'class', 'style'],
-            // 是否记录XSS攻击尝试
-            log: true,
-            // 是否阻止恶意请求
-            block: true
-        };
-    }
-    /**
-     * 初始化中间件
-     * @param {Object} config 配置项
-     */
-    init(config) {
-        config = Object.assign({}, this.default, config);
-        this.config = config;
-        return function() {
-            // 返回中间件的run方法作为实际的处理函数
-            return function(ctx, next) {
-                return middleware.run(ctx, next);
-            };
-        };
-    }
-    /**
-     * 获取客户端真实IP
-     * 在代理环境中，优先从代理头获取真实IP
-     * @param {Object} ctx Koa上下文
-     * @returns {String} 客户端真实IP
-     */
-    getClientIp(ctx) {
-        const headers = ctx.headers;
-        // 优先检查常用代理头获取真实IP
-        // 注意：X-Forwarded-For 可能包含多个IP，取第一个非未知IP的值
-        const xForwardedFor = headers['x-forwarded-for'];
-        if (xForwardedFor) {
-            // X-Forwarded-For 格式通常为: client, proxy1, proxy2
-            const ips = xForwardedFor.split(',').map(ip => ip.trim());
-            for (let i = 0; i < ips.length; i++) {
-                const ip = ips[i];
-                if (ip && ip !== 'unknown' && ip !== '127.0.0.1' && ip !== '::1') {
-                    return ip;
-                }
-            }
-        }
-        // 检查其他常见的代理头
-        return headers['x-real-ip'] ||
-               headers['x-client-ip'] ||
-               headers['cf-connecting-ip'] || // CloudFlare
-               headers['fastly-client-ip'] || // Fastly
-               headers['true-client-ip'] || // Akamai and Cloudflare
-               ctx.ip; // 默认回退到ctx.ip
-    }
-    /**
-     * 执行中间件
-     * @param {Object} ctx Koa上下文
-     * @param {Function} next 下一个中间件
-     */
-    async run(ctx, next) {
-        const config = this.config;
-        let hasXSS = false;
-        let attackInfo = {};
-        // 清理URL查询参数
-        if (config.query && ctx.query) {
-            for (let key in ctx.query) {
-                const original = ctx.query[key];
-                const sanitized = this.sanitizeInput(original, config);
-                if (original !== sanitized) {
-                    ctx.query[key] = sanitized;
-                    hasXSS = true;
-                    attackInfo[`query.${key}`] = { original, sanitized };
-                }
-            }
-        }
-        // 清理请求体数据
-        if (config.body && ctx.request.body) {
-            this.cleanObject(ctx.request.body, config, attackInfo, 'body', hasXSS);
-        }
-        // 清理Cookie
-        if (config.cookie && ctx.cookies) {
-            const cookies = ctx.headers.cookie;
-            if (cookies) {
-                // 记录Cookie中的XSS尝试但不修改，因为修改Cookie需要重新设置
-                const cookieArr = cookies.split(';');
-                for (let cookie of cookieArr) {
-                    const [name, value] = cookie.split('=').map(item => item.trim());
-                    const sanitized = this.sanitizeInput(decodeURIComponent(value), config);
-                    if (value !== sanitized) {
-                        hasXSS = true;
-                        attackInfo[`cookie.${name}`] = { original: value, sanitized };
-                    }
-                }
-            }
-        }
-        // 记录XSS攻击尝试
-        if (hasXSS && config.log && $.log) {
-            $.log.warn('XSS Attack Attempt Detected:', {
-                ip: this.getClientIp(ctx),
-                path: ctx.path,
-                method: ctx.method,
-                attackInfo
-            });
-        }
-        // 阻止恶意请求
-        if (hasXSS && config.block) {
-            ctx.status = 403;
-            ctx.body = {
-                code: 403,
-                msg: 'Forbidden: Potential XSS attack detected'
-            };
-            return;
-        }
-        // 添加安全响应头
-        this.addSecurityHeaders(ctx);
-        await next();
-    }
-    /**
-     * 递归清理对象中的XSS内容
-     * @param {Object} obj 要清理的对象
-     * @param {Object} config 配置项
-     * @param {Object} attackInfo 攻击信息收集对象
-     * @param {String} prefix 路径前缀
-     * @param {Boolean} hasXSS 是否已发现XSS
-     */
-    cleanObject(obj, config, attackInfo, prefix, hasXSS) {
-        if (!obj || typeof obj !== 'object') return;
-        for (let key in obj) {
-            const path = `${prefix}.${key}`;
-            if (typeof obj[key] === 'string') {
-                const original = obj[key];
-                const sanitized = this.sanitizeInput(original, config);
-                if (original !== sanitized) {
-                    obj[key] = sanitized;
-                    hasXSS = true;
-                    attackInfo[path] = { original, sanitized };
-                }
-            } else if (typeof obj[key] === 'object') {
-                this.cleanObject(obj[key], config, attackInfo, path, hasXSS);
-            }
-        }
-    }
-    /**
-     * 清理输入内容
-     * @param {String} input 输入内容
-     * @param {Object} config 配置项
-     * @returns {String} 清理后的内容
-     */
-    sanitizeInput(input, config) {
-        if (!input || typeof input !== 'string') return input;
-        let output = input;
-        // 根据模式选择清理方式
-        if (config.mode === 'sanitize' || config.mode === 'both') {
-            output = this.sanitizeHTML(output, config);
-        }
-        if (config.mode === 'encode' || config.mode === 'both') {
-            output = this.encodeHTML(output);
-        }
-        return output;
-    }
-    /**
-     * 清理HTML内容
-     * @param {String} html HTML内容
-     * @param {Object} config 配置项
-     * @returns {String} 清理后的内容
-     */
-    sanitizeHTML(html, config) {
-        // 简单的HTML标签清理实现
-        // 在生产环境中，可以使用更强大的库如DOMPurify
-        let clean = html;
-        // 移除所有脚本标签
-        clean = clean.replace(/<script[^>]*>.*?<\/script>/gi, '');
-        // 移除所有事件处理器
-        clean = clean.replace(/\s+on\w+\s*=\s*["\']?[^"\'>\s]+/gi, '');
-        // 移除危险的URL协议
-        clean = clean.replace(/(src|href|data|action)\s*=\s*["\']?(javascript|data|vbscript):/gi, '$1=');
-        return clean;
-    }
-    /**
-     * 编码HTML特殊字符
-     * @param {String} html HTML内容
-     * @returns {String} 编码后的内容
-     */
-    encodeHTML(html) {
-        return String(html)
-            .replace(/&/g, '&amp;')
-            .replace(/</g, '&lt;')
-            .replace(/>/g, '&gt;')
-            .replace(/"/g, '&quot;')
-            .replace(/'/g, '&#39;');
-    }
-    /**
-     * 添加安全响应头
-     * @param {Object} ctx Koa上下文
-     */
-    addSecurityHeaders(ctx) {
-        // X-XSS-Protection 头
-        ctx.set('X-XSS-Protection', '1; mode=block');
-        // Content-Security-Policy 头
-		ctx.set('Content-Security-Policy', "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;");
-    }
-}
-// 创建中间件实例
-const middleware = new Middleware();
-// 导出符合系统期望的函数
-exports = module.exports = function(server, config) {
-    // 初始化中间件
-    const handlerFactory = middleware.init(config);
-    const middlewareHandler = handlerFactory();
-    // 直接使用server.use注册中间件
-    server.use(middlewareHandler);
-    // 记录中间件初始化信息
-    if ($.log && $.log.info) {
-        $.log.info(`XSS防护中间件已加载: 模式=${middleware.config.mode}, 过滤=${middleware.config.query ? 'query' : ''}${middleware.config.body ? ' body' : ''}${middleware.config.cookie ? ' cookie' : ''}`);
-    }
-    return server;
-};
-// 保留原始实例，以便其他方式调用
-exports.middleware = middleware;

package/middleware/waf_xss/middleware.json DELETED Viewed

@@ -1,18 +0,0 @@
-{
-  "name": "waf_xss",
-  "title": "XSS攻击防护中间件",
-  "type": "web_before",
-  "state": 1,
-  "sort": 10,
-  "desc": "提供全面的XSS攻击防护，包括输入过滤和安全响应头设置",
-  "config": {
-    "mode": "both",
-    "query": true,
-    "body": true,
-    "cookie": true,
-    "allowedTags": ["p", "span", "b", "i", "u", "strong", "em", "br"],
-    "allowedAttributes": ["id", "class", "style"],
-    "log": true,
-    "block": true
-  }
-}

package/middleware/web_after/index.js DELETED Viewed

@@ -1,33 +0,0 @@
-/**
- * web请求之后
- * @param {Object} server 服务
- * @param {Object} config 配置参数
- */
-module.exports = function(server, config) {
-	server.use(async (ctx, next) => {
-		try {
-			// 先让其他中间件执行
-			await next();
-			// 然后执行after逻辑
-			try {
-				if (ctx.path !== "/favicon.ico") {
-					await $.eventer.run('web_after', ctx, ctx.db);
-					var event = $.event_admin('api');
-					var ret = await event.after(ctx.path, ctx, ctx.db);
-					if (ret) {
-						ctx.body = ret;
-					}
-				}
-			} catch (afterError) {
-				$.log.error('web_after事件执行错误:', afterError);
-				// 即使after事件出错，也不影响响应结果
-			}
-		} catch (error) {
-			$.log.error('web_after中间件错误:', error);
-			// 注意：这里不需要再次调用next()，因为已经在try块中调用过了
-		}
-	});
-	return server;
-};

package/middleware/web_after/middleware.json DELETED Viewed

@@ -1,10 +0,0 @@
-{
-	"name": "web_after",
-	"title": "web请求后",
-	"description": "用于追加处理",
-	"version": "1.0",
-	"type": "web",
-	"process_type": "common_before",
-	"sort": 150,
-	"state": 1
-}

package/middleware/web_base/index.js DELETED Viewed

@@ -1,90 +0,0 @@
-const xmlParser = require("mm_xml");
-const session = require('mm_session');
-const compress = require('koa-compress');
-const { koaBody } = require('koa-body');
-const send = require('koa-send');
-/**
- * web基础
- * @param {Object} server 服务
- * @param {Object} config 配置参数
- */
-module.exports = function(server, config) {
-	/**
-	 * 发送文件
-	 */
-	server.use(async (ctx, next) => {
-		try {
-			ctx.send = async function(src) {
-				try {
-					await send(ctx, src);
-				} catch (sendError) {
-					$.log.error('文件发送错误:', sendError);
-					// 可以选择抛出错误让上层处理，或者静默处理
-					throw sendError;
-				}
-			}
-			await next();
-		} catch (error) {
-			$.log.error('web_base中间件(文件发送设置)错误:', error);
-			// 出错时默认允许请求继续处理
-			await next();
-		}
-	});
-	// 设置session 保存时长2小时
-	server.use(session({
-		maxAge: $.login_period || config.maxAge || 7200
-	}));
-	// 使用压缩
-	if (config.compress) {
-		server.use(
-			compress({
-				filter: function(content_type) {
-					// 只有在请求的content-type中有gzip类型，我们才会考虑压缩，因为zlib是压缩成gzip类型的
-					return /text/i.test(content_type);
-				},
-				// 阀值，当数据超过1kb的时候，可以压缩
-				threshold: 1024,
-				// zlib是node的压缩模块
-				flush: require('zlib').Z_SYNC_FLUSH
-			})
-		);
-	}
-	// 解析 text/xml
-	server.use(xmlParser());
-	var func = koaBody({
-		jsonLimit: config.jsonLimit || '20mb',
-		multipart: true,
-		formidable: {
-			// 设置上传文件大小最大限制，默认20M
-			maxFileSize: 2000 * 1024 * 1024
-		}
-	});
-	// 解析 application/json、application/x-www-form-urlencoded、text/plain
-	// 接收主体
-	server.use(async (ctx, next) => {
-		try {
-			if (!ctx.request.body) {
-				try {
-					await func(ctx, next);
-				} catch (parseError) {
-					$.log.error('请求体解析错误:', parseError);
-					// 解析错误时，确保请求继续处理
-					await next();
-				}
-			} else {
-				await next();
-			}
-		} catch (error) {
-			$.log.error('web_base中间件(请求体解析)错误:', error);
-			// 出错时默认允许请求继续处理
-			await next();
-		}
-	});
-	return server;
-};

package/middleware/web_base/middleware.json DELETED Viewed

@@ -1,10 +0,0 @@
-{
-	"name": "web_base",
-	"title": "web基本功能",
-	"description": "用于网站常规功能",
-	"version": "1.0",
-	"type": "web",
-	"process_type": "common_before",
-	"sort": 70,
-	"state": 1
-}

package/middleware/web_before/index.js DELETED Viewed

@@ -1,27 +0,0 @@
-/**
- * web请求之前
- * @param {Object} server 服务
- * @param {Object} config 配置参数
- */
-module.exports = function(server, config) {
-	// 使用路由(主要)
-	server.use(async (ctx, next) => {
-		if (!ctx.db) {
-			ctx.db = {
-				ret: null
-			};
-		}
-		if (ctx.path !== "/favicon.ico") {
-			await $.eventer.run('web_before', ctx, ctx.db);
-			var event = $.event_admin('api');
-			var ret = await event.before(ctx.path, ctx, ctx.db);
-			// console.log("before阶段", ret);
-			if (ret) {
-				ctx.body = ret;
-			}
-		}
-		await next();
-	});
-	return server;
-};

package/middleware/web_before/middleware.json DELETED Viewed

@@ -1,10 +0,0 @@
-{
-	"name": "web_before",
-	"title": "web请求前",
-	"description": "用于",
-	"version": "1.0",
-	"type": "web",
-	"process_type": "common_before",
-	"sort": 80,
-	"state": 1
-}

package/middleware/web_check/index.js DELETED Viewed

@@ -1,28 +0,0 @@
-/**
- * web验证
- * @param {Object} server 服务
- * @param {Object} config 配置参数
- */
-module.exports = function(server, config) {
-	// 使用路由(主要)
-	server.use(async (ctx, next) => {
-		try {
-			if (ctx.path !== "/favicon.ico") {
-				await $.eventer.run('web_check', ctx, ctx.db);
-				var event = $.event_admin('api');
-				var ret = await event.check(ctx.path, ctx, ctx.db);
-				// console.log("check阶段", ret);
-				if (ret) {
-					ctx.body = ret;
-				}
-			}
-			await next();
-		} catch (error) {
-			$.log.error('web_check中间件错误:', error);
-			// 确保请求可以继续处理
-			await next();
-		}
-	});
-	return server;
-};

package/middleware/web_check/middleware.json DELETED Viewed

@@ -1,10 +0,0 @@
-{
-	"name": "web_check",
-	"title": "web请求验证",
-	"description": "用于验证请求，拦截不符合调条件的请求",
-	"version": "1.0",
-	"type": "web",
-	"process_type": "common_before",
-	"sort": 90,
-	"state": 1
-}

package/middleware/web_main/index.js DELETED Viewed

@@ -1,28 +0,0 @@
-/**
- * web请求
- * @param {Object} server 服务
- * @param {Object} config 配置参数
- */
-module.exports = function(server, config) {
-	// 使用路由(主要)
-	server.use(async (ctx, next) => {
-		try {
-			if (ctx.path !== "/favicon.ico") {
-				await $.eventer.run('web_main', ctx, ctx.db);
-				var event = $.event_admin('api');
-				var ret = await event.main(ctx.path, ctx, ctx.db);
-				// console.log("main阶段", ret);
-				if (ret) {
-					ctx.body = ret;
-				}
-			}
-			await next();
-		} catch (error) {
-			$.log.error('web_main中间件错误:', error);
-			// 确保请求可以继续处理
-			await next();
-		}
-	});
-	return server;
-};

package/middleware/web_main/middleware.json DELETED Viewed

@@ -1,10 +0,0 @@
-{
-	"name": "web_main",
-	"title": "web请求主要",
-	"description": "用于处理主要请求",
-	"version": "1.0",
-	"type": "web",
-	"process_type": "common_before",
-	"sort": 100,
-	"state": 1
-}

package/middleware/web_proxy/index.js DELETED Viewed

@@ -1,37 +0,0 @@
-const {
-	proxy,
-	proxyTo,
-	isMatch
-} = require('mm_koa_proxy');
-/**
- * 代理请求
- * @param {Object} server 服务
- * @param {Object} config 配置参数
- */
-module.exports = function(server, config) {
-	if (config && config.proxy) {
-		var options = config.proxy;
-		if (options.targets) {
-			server.use(async (ctx, next) => {
-				try {
-					// 先设置用户信息头
-					if (ctx.session && ctx.session.user) {
-						ctx.request.header['user_id'] = ctx.session.user.user_id;
-					}
-					// 创建一个代理处理器
-					const proxyHandler = proxy(options, function(op, ctxProxy, nextProxy) {
-						return nextProxy();
-					});
-					// 执行代理
-					await proxyHandler(ctx, next);
-				} catch (error) {
-					$.log.error('web_proxy中间件错误:', error);
-					// 出错时默认允许请求继续处理
-					await next();
-				}
-			});
-		}
-	}
-	return server;
-};

package/middleware/web_proxy/middleware.json DELETED Viewed

@@ -1,10 +0,0 @@
-{
-	"name": "web_proxy",
-	"title": "web代理服务",
-	"description": "用于将特定路由转发到别的服务端上做处理",
-	"version": "1.0",
-	"type": "web",
-	"process_type": "worker",
-	"sort": 110,
-	"state": 1
-}

package/middleware/web_render/index.js DELETED Viewed

@@ -1,87 +0,0 @@
-/**
- * 调用函数
- * @param {Object} ret 设置响应结果
- * @param {Object} res 响应器
- * @param {String} t 请求类型
- * @return {String} 处理后的响应结果
- */
-function render_body(ret, res, t) {
-	var type;
-	if (res.type) {
-		type = res.type;
-	}
-	var tp = typeof(ret);
-	if (tp === "object") {
-		if (!type) {
-			/// 设置响应头
-			if (t.indexOf('xml') !== -1) {
-				type = t;
-			} else {
-				type = "application/json; charset=utf-8";
-			}
-			res.type = type;
-		} else {
-			if (type.indexOf('json') !== -1) {
-				type = "application/json; charset=utf-8";
-			} else if (type.indexOf('html') !== -1) {
-				type = "text/html";
-			} else if (type.indexOf('xml') !== -1) {
-				type = "text/xml; charset=utf-8";
-			} else {
-				type = "text/plain; charset=utf-8";
-			}
-			res.type = type;
-		}
-		if (type.indexOf('/xml') !== -1) {
-			return $.toXml(ret);
-		} else {
-			return JSON.stringify(ret);
-		}
-	} else if (tp === "string") {
-		ret = ret.trim();
-		if (!type) {
-			if (ret.startWith('{') && ret.endWith('}')) {
-				res.type = "application/json; charset=utf-8";
-			} else if (ret.startWith('[') && ret.endWith(']')) {
-				res.type = "application/json; charset=utf-8";
-			} else if (ret.endWith("</html>")) {
-				res.type = "text/html";
-			} else {
-				res.type = "text/plain; charset=utf-8";
-			}
-		}
-	}
-	return ret;
-};
-/**
- * web渲染
- * @param {Object} server 服务
- * @param {Object} config 配置参数
- */
-module.exports = function(server, config) {
-	// 使用路由(主要)
-	server.use(async (ctx, next) => {
-		try {
-			if (ctx.path !== "/favicon.ico") {
-				await $.eventer.run('web_render', ctx, ctx.db);
-				var event = $.event_admin('api');
-				var ret = await event.render(ctx.path, ctx, ctx.db);
-				if (!ctx.body && ret) {
-					ctx.body = ret;
-				}
-				if (ctx.body) {
-					ctx.body = render_body(ctx.body, ctx.response, ctx.request.type);
-				}
-			}
-			await next();
-		} catch (error) {
-			$.log.error('web_render中间件错误:', error);
-			// 确保请求可以继续处理
-			await next();
-		}
-	});
-	return server;
-};