topbit 1.0.0 → 3.0.0

package/src/extends/jwt.js

@@ -0,0 +1,217 @@
+'use strict'
+
+/**
+ * 
+ * jwt格式：
+ * 
+ * base64UrlEncoded(header).base64UrlEncoded(payload).signature
+ * 
+ * header: {
+ *   "alg": "hs256",
+ *   "typ": "JWT"
+ * }
+ * 
+ * payload是任何object类型的数据
+ * 
+ * payload 示例 {
+ *   "id": "1234",
+ *   "name": "okk"
+ * }
+ * 
+ * signature是hamacsha256(base64UrlEncoded(header).base64UrlEncoded(payload), key)
+ * 
+ */
+
+const randstring = require('./__randstring.js')
+
+const crypto = require('node:crypto')
+
+class JWT {
+
+  constructor(options = {}) {
+    this.expires = 3600000
+    this.autoTimeout = true
+    this.header = ''
+
+    this.algMap = {
+      HS256: 'sha256',
+      HS384: 'sha384',
+      HS512: 'sha512',
+      SM3: 'sm3',
+      SHA256: 'sha256',
+      SHA512: 'sha512',
+      SHA384: 'sha384'
+    }
+
+    this.algKeys = Object.keys(this.algMap)
+
+    Object.defineProperty(this, '__key__', {
+      value: randstring(16),
+      enumerable: false,
+      configurable: false,
+      writable: true
+    })
+
+    Object.defineProperty(this, '__alg__', {
+      value: 'SM3',
+      enumerable: false,
+      configurable: false,
+      writable: true
+    })
+
+    Object.defineProperties(this, {
+      key: {
+        get: () => {
+          return this.__key__
+        },
+
+        set: (key) => {
+          this.__key__ = key
+          this.makeHeader()
+        }
+      },
+
+      alg: {
+        get: () => {
+          return this.__alg__
+        },
+
+        set: (a) => {
+          a = a.toUpperCase()
+          if (this.algKeys.indexOf(a) >= 0) {
+            this.__alg__ = a
+            this.makeHeader()
+          } else {
+            console.error(`无法支持的算法：${a}`)
+          }
+        }
+      }
+    })
+
+    for (let k in options) {
+      switch(k) {
+        case 'expires':
+        case 'autoTimeout':
+        case 'alg':
+        case 'key':
+          this[k] = options[k];
+          break;
+      }
+    }
+
+    this.makeHeader()
+  }
+
+  makeHeader() {
+    let hdata = `{"alg":"${this.__alg__}","typ":"JWT"}`
+    this.header = Buffer.from(hdata).toString('base64url')
+  }
+
+  make(data) {
+    if (typeof data === 'object') {
+      if (this.autoTimeout) {
+        data.__timeout__ = Date.now() + this.expires
+      }
+
+      data = JSON.stringify(data)
+    }
+
+    let org_str = `${this.header}.${Buffer.from(data).toString('base64url')}`
+    return `${org_str}.${this.sign(org_str, this.algMap[this.__alg__])}`
+  }
+
+  sign(org_str, a = 'sm3') {
+    let h = crypto.createHmac(a, this.__key__)
+    h.update(org_str)
+    return h.digest('base64url')
+  }
+
+  verify(token) {
+    let arr = token.split('.')
+    if (arr.length !== 3) {
+      return {
+        ok: false,
+        errcode: 'ILLEGAL'
+      }
+    }
+
+    let alg = this.__alg__
+
+    try {
+      let header = JSON.parse(Buffer.from(arr[0], 'base64url').toString('utf8'))
+      alg = header.alg
+    } catch (err) {
+      return {
+        ok: false,
+        errcode: 'ERR_HEADER'
+      }
+    }
+
+    let hs = this.algMap[alg]
+
+    if (!hs) {
+      return {
+        ok: false,
+        errcode: 'UNKNOW_ALG'
+      }
+    }
+    
+    let hstr = this.sign(`${arr[0]}.${arr[1]}`, hs)
+
+    if (hstr !== arr[2]) {
+      return {
+        ok: false,
+        errcode: 'FAILED'
+      }
+    }
+
+    let data = Buffer.from(arr[1], 'base64url').toString('utf8')
+
+    try {
+      data = JSON.parse(data)
+    } catch (err) {
+      return {
+        ok: false,
+        errcode: 'ERR_DATA'
+      }
+    }
+
+    if (data.__timeout__ !== undefined && (Date.now() > data.__timeout__)) {
+      return {
+        ok: false,
+        errcode: 'TIMEOUT'
+      }
+    }
+
+    return {
+      ok: true,
+      data: data
+    }
+
+  }
+
+  mid() {
+    let self = this
+
+    return async (ctx, next) => {
+      let token = ctx.headers.authorization || ctx.query.token
+      if (!token) {
+        return ctx.status(401).send('unauthorized')
+      }
+
+      let r = self.verify(token)
+
+      if (!r.ok) {
+        return ctx.status(401).send(r.errcode)
+      }
+
+      ctx.box.user = r.data
+      ctx.user = r.data
+
+      await next(ctx)
+    }
+  }
+
+}
+
+module.exports = JWT

package/src/extends/mixlogger.js

@@ -0,0 +1,63 @@
+'use strict'
+
+const cluster = require('node:cluster')
+
+class MixLogger {
+
+  constructor(options = {}) {
+    this.logHandle = (w, msg, handle) => {
+      return true
+    }
+
+    this.quiet = true
+
+    for (let k in options) {
+      switch(k) {
+        case 'logHandle':
+          if (typeof options[k] === 'function') {
+            this.logHandle = options[k]
+          }
+          break
+
+        case 'quiet':
+          this.quiet = !!options[k]
+          break
+      }
+    }
+
+  }
+
+  init(app) {
+    if (cluster.isWorker) {
+      return
+    }
+
+    //版本兼容
+    let mse = app.daeMsgEvent ? app.daeMsgEvent : app.msgEvent
+
+    if (mse['_log'] === undefined) {
+      if (!this.quiet) {
+        return console.error(`Warning: mixlogger must be running in daemon mode`)
+      }
+      return
+    }
+
+    let self = this
+
+    let org_log = mse['_log'].callback
+
+    let log_handle = (w, msg, handle) => {
+      if (false === self.logHandle(w, msg, handle) ) {
+        return
+      }
+
+      org_log(w, msg, handle)
+    }
+
+    app.setMsgEvent('_log', log_handle)
+  }
+
+}
+
+module.exports = MixLogger
+

package/src/extends/paramcheck.js

@@ -0,0 +1,266 @@
+'use strict'
+
+/**
+ * 用于param或者query检测的中间件扩展，启用此扩展，会自动进行属性值的检测。
+ * 支持声明式的设计，避免重复劳动。
+ */
+
+let TYPE_STRING = 1
+let TYPE_NUMBER = 2
+
+class ParamCheck {
+
+  constructor(options = {}) {
+    this.type = ['query', 'param', 'body']
+    this.key = 'param'
+    this.data = {}
+    this.errorMessage = "提交数据不符合要求"
+    //设置禁止提交的字段
+    this.deny = null
+    this.denyMessage = '存在禁止提交的数据'
+    this.deleteDeny = false
+
+    for (let k in options) {
+      switch (k) {
+        case 'key':
+          if (this.type.indexOf(options[k]) >= 0) {
+            this.key = options[k]
+          }
+          break
+
+        case 'data':
+          if (typeof options[k] === 'object') {
+            this.data = options[k]
+          }
+          break
+
+        case 'errorMessage':
+          this[k] = options[k]
+          break
+
+        case 'deny':
+          if (typeof options[k] === 'string') {
+            options[k] = [options[k]]
+          }
+          if (Array.isArray(options[k])) {
+            this.deny = options[k]
+          }
+          break
+
+        case 'deleteDeny':
+          this.deleteDeny = !!options[k]
+          break
+
+        default: 
+          this[k] = options[k]
+      }
+    }
+
+    let data_type = ''
+    for (let k in this.data) {
+      data_type = typeof this.data[k]
+
+      if (data_type === 'string' || data_type === 'number') {
+        this.data[k] = {
+          __is_value__: true,
+          __value__: this.data[k],
+          __type__: data_type === 'string' ? TYPE_STRING : TYPE_NUMBER
+        }
+
+        continue
+      }
+
+      this.data[k].__is_value__ = false
+
+      if (this.data[k].callback && typeof this.data[k].callback === 'function') {
+        this.data[k].__is_call__ = true
+      } else {
+        this.data[k].__is_call__ = false
+      }
+    }
+
+  }
+
+  /**
+   * 
+   * @param {object} obj c.param or c.query
+   * @param {*} k key name
+   * @param {*} rule filter rule
+   * 
+   * rule描述了如何进行数据的过滤，如果rule是字符串或数字则要求严格相等。
+   * 否则rule应该是一个object，可以包括的属性如下：
+   *    - callback  用于过滤的回调函数，在验证时，会传递数据，除此之外没有其他参数。
+   *    - must     false|true，表示是不是必须，如果must为true，则表示数据不能是undefined。
+   *    - default  默认值，如果存在，而参数属性未定义，则赋予默认值。
+   *    - to       int|float 要转换成哪种类型。
+   *    - min      最小值，可以 >= 此值，数字或字符串。
+   *    - max      最大值，可以 <= 此值，数字或字符串。
+   */
+  checkData(obj, k, rule, method, ost) {
+    let typ = typeof rule
+
+    ost.ok = true
+    ost.key = k
+
+    if (!rule.__is_value__) {
+        if (obj[k] === undefined) {
+          if (rule.must) {
+            ost.ok = false
+            return false
+          }
+          
+          if (rule.default !== undefined) {
+            obj[k] = rule.default
+            return true
+          }
+
+        } else {
+          //数据初始必然是字符串，转换只能是整数或浮点数或boolean。
+          if (rule.to) {
+            if (isNaN(obj[k])) {
+              ost.ok = false
+              return false
+            }
+
+            switch(rule.to) {
+              case 'int':
+                obj[k] = parseInt(obj[k])
+                if (isNaN(obj[k])) {
+                  if (rule.default !== undefined) {
+                    obj[k] = rule.default
+                    return true
+                  }
+                  ost.ok = false
+                  return false
+                }
+                break
+
+              case 'float':
+                obj[k] = parseFloat(obj[k])
+                if (isNaN(obj[k])) {
+                  if (rule.default !== undefined) {
+                    obj[k] = rule.default
+                    return true
+                  }
+                  ost.ok = false
+                  return false
+                }
+                break
+              
+              case 'boolean':
+              case 'bool':
+                obj[k] = obj[k] === 'true' ? true : false
+                break
+            }
+          }
+
+          if (rule.min !== undefined && obj[k] < rule.min) {
+            ost.ok = false
+            return false
+          }
+
+          if (rule.max !== undefined && obj[k] > rule.max) {
+            ost.ok = false
+            return false
+          }
+        }
+
+        //无论obj[k]是否存在，只要存在callback，就要执行。
+        if (rule.__is_call__) {
+          if (rule.callback(obj, k, method) !== false) {
+            return true
+          }
+          ost.ok = false
+          return false
+        }
+      
+    } else if (rule.__type__ === TYPE_STRING) {
+      if (obj[k] === undefined || obj[k] !== rule.__value__) {
+        ost.ok = false
+        return false
+      }
+    } else if (rule.__type__ === TYPE_NUMBER) {
+      if (obj[k] === undefined || obj[k] != rule.__value__) {
+        ost.ok = false
+        return false
+      }
+    }
+
+    return true
+  }
+
+  dataFilter(c) {
+    let d = c[this.key]
+    let ost = {ok: true, key: ''}
+
+    if (this.key !== 'body' || (c.body !== c.rawBody && typeof c.body === 'object')) {
+      for (let k in this.data) {
+        if (!this.checkData(d, k, this.data[k], c.method, ost)) {
+          return ost
+        }
+      }
+    }
+
+    return ost
+  }
+
+  mid() {
+    let self = this
+    let dataObject = this.data
+
+    if (!Array.isArray(this.deny) || this.deny.length === 0) this.deny = null
+
+    if (this.deny) {
+      if (this.deleteDeny) {
+        return async (c, next) => {
+
+          if (self.key !== 'body' || (c.body !== c.rawBody && typeof c.body === 'object')) {
+            let obj = c[self.key]
+
+            for (let k of self.deny) {
+              if (obj[k] !== undefined) delete obj[k]
+            }
+          }
+
+          let r = self.dataFilter(c)
+          if (!r.ok) {
+            return c.status(400).to(dataObject[r.key].errorMessage || self.errorMessage)
+          }
+
+          await next(c)
+        }
+
+      }
+
+      return async (c, next) => {
+        if (self.key !== 'body' || (c.body !== c.rawBody && typeof c.body === 'object')) {
+          let obj = c[self.key]
+
+          for (let k of self.deny) {
+            if (obj[k] !== undefined) return c.status(400).to(self.denyMessage)
+          }
+        }
+
+        let r = self.dataFilter(c)
+        if (!r.ok) {
+          return c.status(400).to(dataObject[r.key].errorMessage || self.errorMessage)
+        }
+
+        await next(c)
+      }
+      
+    }
+
+    return async (c, next) => {
+      let r = self.dataFilter(c)
+      if (!r.ok) {
+        return c.status(400).to(dataObject[r.key].errorMessage || self.errorMessage)
+      }
+
+      await next(c)
+    }
+  }
+
+}
+
+module.exports = ParamCheck