npm - weifuwu - Versions diffs - 0.8.0 → 0.8.1 - Mend

weifuwu 0.8.0 → 0.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -10718,9 +10718,24 @@ var require_built3 = __commonJS({
 // serve.ts
 import http from "node:http";
-async function readBody(req) {
+async function readBody(req, maxSize) {
+  if (maxSize) {
+    const cl = parseInt(req.headers["content-length"] ?? "0", 10);
+    if (cl > maxSize) {
+      const err = new Error("Request body too large");
+      err.status = 413;
+      throw err;
+    }
+  }
   const chunks = [];
+  let total = 0;
   for await (const chunk of req) {
+    total += chunk.byteLength;
+    if (maxSize && total > maxSize) {
+      const err = new Error("Request body too large");
+      err.status = 413;
+      throw err;
+    }
     chunks.push(chunk);
   }
   return Buffer.concat(chunks);
@@ -10766,11 +10781,16 @@ function serve(handler, options) {
   const hostname = options?.hostname ?? "0.0.0.0";
   const server = http.createServer(async (req, res) => {
     try {
-      const body = await readBody(req);
+      const body = await readBody(req, options?.maxBodySize);
       const [request, query] = createRequest(req, body);
       const response = await handler(request, { params: {}, query });
       await sendResponse(res, response);
-    } catch {
+    } catch (err) {
+      if (err?.status === 413) {
+        res.writeHead(413, { "Content-Type": "text/plain" });
+        res.end("Request Body Too Large");
+        return;
+      }
       res.writeHead(500, { "Content-Type": "text/plain" });
       res.end("Internal Server Error");
     }
@@ -11013,8 +11033,13 @@ var Router = class _Router {
           return mw(innerReq, ctx2, dispatch);
         }
         return await new Promise((resolve3) => {
-          upgradeSocket(wss, req, socket, head, match.handler, ctx2);
-          resolve3(new Response(null, { status: 101 }));
+          try {
+            upgradeSocket(wss, req, socket, head, match.handler, ctx2);
+            resolve3(new Response(null, { status: 101 }));
+          } catch {
+            socket.destroy();
+            resolve3(new Response("WebSocket upgrade failed", { status: 500 }));
+          }
         });
       };
       Promise.resolve(dispatch(webReq, ctx)).then((result) => {
@@ -11815,7 +11840,7 @@ function validate(schemas) {
     if (issues.length > 0) {
       return Response.json({ error: "Validation failed", issues }, { status: 400 });
     }
-    ctx.parsed = parsed;
+    ctx.parsed = { ...ctx.parsed, ...parsed };
     return next(req, ctx);
   };
 }
@@ -11831,7 +11856,11 @@ function getCookies(req) {
     const name15 = pair.slice(0, idx).trim();
     const value = pair.slice(idx + 1).trim();
     if (name15) {
-      cookies[name15] = decodeURIComponent(value);
+      try {
+        cookies[name15] = decodeURIComponent(value);
+      } catch {
+        cookies[name15] = value;
+      }
     }
   }
   return cookies;
@@ -11874,67 +11903,45 @@ function upload(options) {
   const saveDir = options?.dir;
   return async (req, ctx, next) => {
     const ct = req.headers.get("content-type") ?? "";
-    if (!ct.includes("multipart/form-data")) {
-      return next(req, ctx);
-    }
-    const match = ct.match(/boundary=(?:"([^"]+)"|([^;]+))/i);
-    if (!match) {
-      return Response.json({ error: "Missing boundary" }, { status: 400 });
+    if (!ct.includes("multipart/form-data")) return next(req, ctx);
+    let formData;
+    try {
+      formData = await req.formData();
+    } catch {
+      return Response.json({ error: "Invalid multipart data" }, { status: 400 });
     }
-    const boundary = match[1] ?? match[2];
-    const body = await req.text();
-    const rawParts = body.split(`--${boundary}`).filter((p) => p && !p.startsWith("--") && !p.startsWith("\r\n--"));
     const files = {};
     const fields = {};
-    for (const raw of rawParts) {
-      const trimmed = raw.replace(/^\r?\n/, "");
-      const lines = trimmed.split(/\r?\n/);
-      let i = 0;
-      const headers = {};
-      while (i < lines.length && lines[i].length > 0) {
-        const sep3 = lines[i].indexOf(": ");
-        if (sep3 !== -1) headers[lines[i].slice(0, sep3).toLowerCase()] = lines[i].slice(sep3 + 2);
-        i++;
-      }
-      i++;
-      const bodyValue = lines.slice(i).join("\r\n");
-      const disposition = headers["content-disposition"] ?? "";
-      const nameMatch = disposition.match(/name="([^"]*)"/);
-      if (!nameMatch) continue;
-      const name15 = nameMatch[1];
-      const filenameMatch = disposition.match(/filename="([^"]*)"/);
-      const filename = filenameMatch?.[1];
-      if (filename) {
-        const buf = Buffer.from(bodyValue.replace(/\r?\n$/, ""), "binary");
-        if (options?.allowedTypes) {
-          const mime = headers["content-type"] ?? "application/octet-stream";
-          if (!options.allowedTypes.includes(mime)) {
-            return Response.json({ error: `File type not allowed: ${mime}` }, { status: 415 });
-          }
+    for (const [key, value] of formData) {
+      if (value instanceof File) {
+        if (options?.allowedTypes && !options.allowedTypes.includes(value.type)) {
+          return Response.json({ error: `File type not allowed: ${value.type}` }, { status: 415 });
         }
-        if (options?.maxFileSize && buf.byteLength > options.maxFileSize) {
-          return Response.json({ error: `File too large: ${filename}` }, { status: 413 });
+        if (options?.maxFileSize && value.size > options.maxFileSize) {
+          return Response.json({ error: `File too large: ${value.name}` }, { status: 413 });
         }
+        const buf = Buffer.from(await value.arrayBuffer());
         const uf = {
-          name: filename,
-          type: headers["content-type"] ?? "application/octet-stream",
+          name: value.name,
+          type: value.type,
           size: buf.byteLength,
           buffer: saveDir ? void 0 : buf
         };
         if (saveDir) {
-          const filePath = join2(saveDir, `${randomUUID()}-${filename}`);
+          const safeName = value.name.replace(/[/\\]/g, "");
+          const filePath = join2(saveDir, `${randomUUID()}-${safeName}`);
           await mkdir(saveDir, { recursive: true });
           await writeFile(filePath, buf);
           uf.path = filePath;
         }
-        if (files[name15]) {
-          const existing = files[name15];
-          files[name15] = Array.isArray(existing) ? [...existing, uf] : [existing, uf];
+        if (files[key]) {
+          const existing = files[key];
+          files[key] = Array.isArray(existing) ? [...existing, uf] : [existing, uf];
         } else {
-          files[name15] = uf;
+          files[key] = uf;
         }
       } else {
-        fields[name15] = bodyValue.replace(/\r?\n$/, "");
+        fields[key] = value;
       }
     }
     ctx.parsed = { ...ctx.parsed, files, fields };
@@ -13542,12 +13549,21 @@ function queue(opts) {
     if (!running) return;
     try {
       const now = Date.now();
-      const jobs = await redis2.zrangebyscore(jobKey, 0, now);
-      if (jobs.length > 0) {
-        await redis2.zrem(jobKey, ...jobs);
-      }
-      for (const raw of jobs) {
-        const job = JSON.parse(raw);
+      while (true) {
+        const result = await redis2.zpopmin(jobKey);
+        if (result.length < 2) break;
+        const raw = result[0];
+        const score = parseInt(result[1], 10);
+        if (score > now) {
+          await redis2.zadd(jobKey, score, raw);
+          break;
+        }
+        let job;
+        try {
+          job = JSON.parse(raw);
+        } catch {
+          continue;
+        }
         const handler = handlers.get(job.type);
         if (handler) {
           handler(job).then(() => {
@@ -13555,11 +13571,13 @@ function queue(opts) {
               try {
                 const nextRun = cronNext(job.schedule);
                 const nextJob = { ...job, id: crypto3.randomUUID(), runAt: nextRun, createdAt: Date.now() };
-                redis2.zadd(jobKey, nextRun, JSON.stringify(nextJob));
+                redis2.zadd(jobKey, nextRun, JSON.stringify(nextJob)).catch(() => {
+                });
               } catch {
               }
             }
-          }).catch(() => {
+          }).catch((e) => {
+            console.error("[queue] handler error:", e);
           });
         }
       }
@@ -13844,6 +13862,10 @@ async function getUserTable(sql, tenantId, slug) {
   `;
   return row ?? null;
 }
+function requireAdmin(ctx) {
+  if (ctx.tenant?.role !== "admin") return Response.json({ error: "Forbidden" }, { status: 403 });
+  return null;
+}
 function buildRouter(sql, usersTable) {
   const r = new Router();
   r.post("/sys/tenants", async (req, ctx) => {
@@ -13869,6 +13891,8 @@ function buildRouter(sql, usersTable) {
     return Response.json(rows);
   });
   r.post("/sys/tenants/invite", async (req, ctx) => {
+    const err = requireAdmin(ctx);
+    if (err) return err;
     const { email, role = "member" } = await req.json();
     const [user2] = await sql`
       SELECT id FROM ${sql(usersTable)} WHERE "email" = ${email} LIMIT 1
@@ -13886,6 +13910,8 @@ function buildRouter(sql, usersTable) {
     return Response.json({ ok: true }, { status: 201 });
   });
   r.delete("/sys/tenants/members/:userId", async (req, ctx) => {
+    const err = requireAdmin(ctx);
+    if (err) return err;
     const userId = parseInt(ctx.params.userId, 10);
     await sql`
       DELETE FROM "_tenant_members"
@@ -13894,6 +13920,8 @@ function buildRouter(sql, usersTable) {
     return Response.json({ ok: true });
   });
   r.post("/sys/tables", async (req, ctx) => {
+    const err = requireAdmin(ctx);
+    if (err) return err;
     const body = await req.json();
     const slugErr = validateSlug(body.slug);
     if (slugErr) return Response.json({ error: slugErr }, { status: 400 });
@@ -13932,6 +13960,8 @@ function buildRouter(sql, usersTable) {
     return Response.json(table);
   });
   r.patch("/sys/tables/:slug", async (req, ctx) => {
+    const err = requireAdmin(ctx);
+    if (err) return err;
     const body = await req.json();
     if (!body.fields || !Array.isArray(body.fields)) {
       return Response.json({ error: "fields array required" }, { status: 400 });
@@ -13952,6 +13982,8 @@ function buildRouter(sql, usersTable) {
     return Response.json({ ...table, fields: merged });
   });
   r.delete("/sys/tables/:slug", async (_req, ctx) => {
+    const err = requireAdmin(ctx);
+    if (err) return err;
     await sql.unsafe(dropTableSQL(ctx.tenant.id, ctx.params.slug));
     await sql`
       DELETE FROM "_user_tables"
@@ -24407,15 +24439,19 @@ function createWSHandler(deps) {
                     VALUES (${channel_id}, ${am.member_id}, 'agent', ${result.output})
                   `.then(([r]) => {
                     broadcastToChannel(channel_id, { type: "message", data: r });
+                  }).catch((e) => {
+                    console.error("[messager] agent reply insert failed:", e);
                   });
                 }
-              }).catch(() => {
+              }).catch((e) => {
+                console.error("[messager] agent run failed:", e);
               });
             }
           }
           break;
         }
         case "typing": {
+          if (channel_id) subscribe(ws, userId, channel_id);
           broadcastToChannel(channel_id, {
             type: "typing",
             channel_id,
@@ -24426,6 +24462,7 @@ function createWSHandler(deps) {
         }
         case "read": {
           if (!channel_id || !last_message_id) return;
+          subscribe(ws, userId, channel_id);
           await sql`
             UPDATE "_channel_members"
             SET last_read_id = ${last_message_id}, last_read_at = NOW()
@@ -24570,9 +24607,12 @@ function buildRouter3(deps) {
               VALUES (${channelId}, ${am.member_id}, 'agent', ${result.output})
             `.then(([r2]) => {
               broadcastToChannel(channelId, { type: "message", data: r2 });
+            }).catch((e) => {
+              console.error("[messager] agent reply insert failed:", e);
             });
           }
-        }).catch(() => {
+        }).catch((e) => {
+          console.error("[messager] agent run failed:", e);
         });
       }
     }

package/dist/serve.d.ts CHANGED Viewed

@@ -6,6 +6,7 @@ export interface ServeOptions {
     hostname?: string;
     signal?: AbortSignal;
     websocket?: (req: IncomingMessage, socket: Duplex, head: Buffer) => void;
+    maxBodySize?: number;
 }
 export interface Server {
     stop: () => void;
@@ -13,7 +14,7 @@ export interface Server {
     readonly hostname: string;
     ready: Promise<void>;
 }
-export declare function readBody(req: IncomingMessage): Promise<Buffer>;
+export declare function readBody(req: IncomingMessage, maxSize?: number): Promise<Buffer>;
 export declare function createRequest(req: IncomingMessage, body: Buffer): [Request, Record<string, string>];
 export declare function sendResponse(res: ServerResponse, response: Response): Promise<void>;
 export declare function serve(handler: Handler, options?: ServeOptions): Server;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "weifuwu",
-  "version": "0.8.0",
+  "version": "0.8.1",
   "description": "Web-standard HTTP framework for Node.js — (req, ctx) => Response",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",