whistle.mockbubu 1.0.0-dev.4 → 2.0.0-beta.0

package/lib/archive-utils.js

@@ -0,0 +1,332 @@
+/**
+ * 压缩包工具函数
+ * 使用 Node.js 内置 API，无需额外依赖
+ */
+const fs = require('fs').promises
+const path = require('path')
+const zlib = require('zlib')
+const { createReadStream, createWriteStream } = require('fs')
+const { pipeline } = require('stream/promises')
+const os = require('os')
+
+/**
+ * 递归复制目录
+ */
+async function copyDirectory(src, dest) {
+  await fs.mkdir(dest, { recursive: true })
+  const entries = await fs.readdir(src, { withFileTypes: true })
+
+  for (const entry of entries) {
+    const srcPath = path.join(src, entry.name)
+    const destPath = path.join(dest, entry.name)
+
+    if (entry.isDirectory()) {
+      await copyDirectory(srcPath, destPath)
+    } else {
+      await fs.copyFile(srcPath, destPath)
+    }
+  }
+}
+
+/**
+ * 递归读取目录，返回所有文件路径
+ */
+async function getAllFiles(dir, baseDir = dir) {
+  const files = []
+  const entries = await fs.readdir(dir, { withFileTypes: true })
+
+  for (const entry of entries) {
+    const fullPath = path.join(dir, entry.name)
+    if (entry.isDirectory()) {
+      files.push(...await getAllFiles(fullPath, baseDir))
+    } else {
+      files.push({
+        path: fullPath,
+        name: path.relative(baseDir, fullPath),
+      })
+    }
+  }
+
+  return files
+}
+
+/**
+ * 创建 tar.gz 压缩包
+ * 使用 Node.js 内置 zlib + tar 格式手动实现
+ */
+async function createTarGz(sourceDir, outputFile) {
+  // 获取所有文件
+  const files = await getAllFiles(sourceDir)
+
+  // 创建 tar 文件
+  const tarPath = outputFile.replace(/\.gz$/, '')
+  await createTar(sourceDir, tarPath, files)
+
+  // gzip 压缩
+  await new Promise((resolve, reject) => {
+    const input = createReadStream(tarPath)
+    const output = createWriteStream(outputFile)
+    const gzip = zlib.createGzip()
+
+    pipeline(input, gzip, output)
+      .then(() => {
+        // 删除临时 tar 文件
+        fs.unlink(tarPath).catch(() => {})
+        resolve()
+      })
+      .catch(reject)
+  })
+}
+
+/**
+ * 创建 tar 文件（简化实现，支持基本的 tar 格式）
+ */
+async function createTar(sourceDir, outputFile, files) {
+  const output = createWriteStream(outputFile)
+
+  for (const file of files) {
+    const stat = await fs.stat(file.path)
+    const content = await fs.readFile(file.path)
+
+    // 写入 tar header (512 bytes)
+    const header = createTarHeader(file.name, stat.size)
+    output.write(header)
+
+    // 写入文件内容
+    output.write(content)
+
+    // 对齐到 512 字节边界
+    const padding = 512 - (content.length % 512)
+    if (padding < 512) {
+      output.write(Buffer.alloc(padding, 0))
+    }
+  }
+
+  // 写入结束标记（两个 512 字节的零块）
+  output.write(Buffer.alloc(1024, 0))
+  output.end()
+
+  return new Promise((resolve, reject) => {
+    output.on('finish', resolve)
+    output.on('error', reject)
+  })
+}
+
+/**
+ * 创建 tar header (POSIX ustar 格式)
+ */
+function createTarHeader(filename, size) {
+  const header = Buffer.alloc(512, 0)
+
+  // 文件名 (100 bytes)
+  header.write(filename, 0, 100, 'utf8')
+
+  // 文件模式 (8 bytes) - 0644
+  header.write('0000644 ', 100, 8, 'utf8')
+
+  // UID (8 bytes)
+  header.write('0000000 ', 108, 8, 'utf8')
+
+  // GID (8 bytes)
+  header.write('0000000 ', 116, 8, 'utf8')
+
+  // 文件大小 (12 bytes, 8进制)
+  const sizeOctal = size.toString(8).padStart(11, '0') + ' '
+  header.write(sizeOctal, 124, 12, 'utf8')
+
+  // 修改时间 (12 bytes, 8进制)
+  const mtime = Math.floor(Date.now() / 1000).toString(8).padStart(11, '0') + ' '
+  header.write(mtime, 136, 12, 'utf8')
+
+  // Checksum (8 bytes) - 先填充空格
+  header.write('        ', 148, 8, 'utf8')
+
+  // 文件类型 (1 byte) - '0' = 普通文件
+  header.write('0', 156, 1, 'utf8')
+
+  // ustar 标识 (6 bytes)
+  header.write('ustar', 257, 6, 'utf8')
+
+  // ustar 版本 (2 bytes)
+  header.write('00', 263, 2, 'utf8')
+
+  // 计算 checksum
+  let checksum = 0
+  for (let i = 0; i < 512; i++) {
+    checksum += header[i]
+  }
+  const checksumOctal = checksum.toString(8).padStart(6, '0') + '\0 '
+  header.write(checksumOctal, 148, 8, 'utf8')
+
+  return header
+}
+
+/**
+ * 解压 tar.gz 文件
+ */
+async function extractTarGz(archiveFile, destDir) {
+  // 先 gunzip 解压
+  const tarPath = path.join(os.tmpdir(), `extract-${Date.now()}.tar`)
+
+  await new Promise((resolve, reject) => {
+    const input = createReadStream(archiveFile)
+    const output = createWriteStream(tarPath)
+    const gunzip = zlib.createGunzip()
+
+    pipeline(input, gunzip, output)
+      .then(resolve)
+      .catch(reject)
+  })
+
+  // 解压 tar
+  await extractTar(tarPath, destDir)
+
+  // 删除临时 tar 文件
+  await fs.unlink(tarPath).catch(() => {})
+}
+
+/**
+ * 解压 tar 文件
+ */
+async function extractTar(tarFile, destDir) {
+  const buffer = await fs.readFile(tarFile)
+  let offset = 0
+
+  while (offset < buffer.length) {
+    // 检查是否到达结束标记
+    if (buffer[offset] === 0) {
+      break
+    }
+
+    // 读取 header
+    const header = buffer.subarray(offset, offset + 512)
+
+    // 读取文件名
+    const filename = header.subarray(0, 100).toString('utf8').replace(/\0.*$/, '')
+    if (!filename) break
+
+    // 读取文件大小
+    const sizeStr = header.subarray(124, 136).toString('utf8').trim()
+    const size = parseInt(sizeStr, 8)
+
+    // 跳过 header
+    offset += 512
+
+    // 读取文件内容
+    const content = buffer.subarray(offset, offset + size)
+
+    // 写入文件
+    const filepath = path.join(destDir, filename)
+    await fs.mkdir(path.dirname(filepath), { recursive: true })
+    await fs.writeFile(filepath, content)
+
+    // 移动到下一个文件（对齐到 512 字节）
+    const padding = 512 - (size % 512)
+    offset += size + (padding < 512 ? padding : 0)
+  }
+}
+
+/**
+ * 文件名安全处理（移除特殊字符）
+ */
+function sanitizeFilename(filename) {
+  // eslint-disable-next-line no-control-regex
+  return filename.replace(/[<>:"/\\|?*\x00-\x1F]/g, '_')
+}
+
+/**
+ * 检查路径是否在指定目录内（防止路径遍历攻击）
+ */
+function isPathSafe(filepath, baseDir) {
+  const normalized = path.normalize(filepath)
+  const relative = path.relative(baseDir, normalized)
+  return !relative.startsWith('..') && !path.isAbsolute(relative)
+}
+
+/**
+ * 解析 multipart/form-data 文件上传（原生实现）
+ */
+async function parseMultipartFile(ctx) {
+  return new Promise((resolve, reject) => {
+    const contentType = ctx.request.headers['content-type']
+    if (!contentType || !contentType.includes('multipart/form-data')) {
+      reject(new Error('不是 multipart/form-data 格式'))
+      return
+    }
+
+    // 提取 boundary
+    const boundaryMatch = contentType.match(/boundary=(.+)/)
+    if (!boundaryMatch) {
+      reject(new Error('缺少 boundary'))
+      return
+    }
+    const boundary = '--' + boundaryMatch[1]
+
+    const chunks = []
+    ctx.req.on('data', chunk => chunks.push(chunk))
+    ctx.req.on('end', () => {
+      try {
+        const buffer = Buffer.concat(chunks)
+        const file = parseMultipartBuffer(buffer, boundary)
+        resolve(file)
+      } catch (err) {
+        reject(err)
+      }
+    })
+    ctx.req.on('error', reject)
+  })
+}
+
+/**
+ * 解析 multipart buffer
+ */
+function parseMultipartBuffer(buffer, boundary) {
+  const parts = []
+  let start = 0
+
+  while (start < buffer.length) {
+    // 查找 boundary
+    const boundaryIndex = buffer.indexOf(boundary, start)
+    if (boundaryIndex === -1) break
+
+    // 查找下一个 boundary
+    const nextBoundaryIndex = buffer.indexOf(boundary, boundaryIndex + boundary.length)
+    if (nextBoundaryIndex === -1) break
+
+    // 提取部分内容
+    const partBuffer = buffer.subarray(boundaryIndex + boundary.length, nextBoundaryIndex)
+
+    // 查找 headers 和 body 的分隔符（\r\n\r\n）
+    const headerEndIndex = partBuffer.indexOf('\r\n\r\n')
+    if (headerEndIndex !== -1) {
+      const headers = partBuffer.subarray(0, headerEndIndex).toString('utf8')
+      const body = partBuffer.subarray(headerEndIndex + 4, partBuffer.length - 2) // 去掉结尾的 \r\n
+
+      // 解析 Content-Disposition
+      const filenameMatch = headers.match(/filename="(.+?)"/)
+      const nameMatch = headers.match(/name="(.+?)"/)
+
+      if (filenameMatch) {
+        parts.push({
+          fieldname: nameMatch ? nameMatch[1] : 'file',
+          filename: filenameMatch[1],
+          buffer: body,
+        })
+      }
+    }
+
+    start = nextBoundaryIndex
+  }
+
+  return parts[0] // 返回第一个文件
+}
+
+module.exports = {
+  copyDirectory,
+  getAllFiles,
+  createTarGz,
+  extractTarGz,
+  sanitizeFilename,
+  isPathSafe,
+  parseMultipartFile,
+}

package/lib/const.js

@@ -26,3 +26,22 @@ exports.LockedFilterMap = {
   'locked': { key: 'locked', value: true, method: 'equal' },
   'unlocked': { key: 'locked', value: false, method: 'equal' },
 }
+
+// HTTP Method 筛选映射
+exports.MethodFilterMap = {
+  'GET': { key: 'method', value: 'GET', method: 'equal' },
+  'POST': { key: 'method', value: 'POST', method: 'equal' },
+  'PUT': { key: 'method', value: 'PUT', method: 'equal' },
+  'DELETE': { key: 'method', value: 'DELETE', method: 'equal' },
+  'PATCH': { key: 'method', value: 'PATCH', method: 'equal' },
+  'HEAD': { key: 'method', value: 'HEAD', method: 'equal' },
+  'OPTIONS': { key: 'method', value: 'OPTIONS', method: 'equal' },
+}
+
+// 状态码筛选映射（使用自定义 method: 'statusRange'）
+exports.StatusFilterMap = {
+  '2xx': { key: 'status', value: [200, 299], method: 'range' },
+  '3xx': { key: 'status', value: [300, 399], method: 'range' },
+  '4xx': { key: 'status', value: [400, 499], method: 'range' },
+  '5xx': { key: 'status', value: [500, 599], method: 'range' },
+}