From 59bade3a8a43e7db077d38a4b0c7c584f30ddf8c Mon Sep 17 00:00:00 2001 From: ariesly15 Date: Tue, 1 Nov 2022 23:00:20 +0800 Subject: [PATCH] Bugfix 2022 11 01 (#2628) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix: 修复【Mongo 注入获取 token】的问题 * chore: up version * chore: 关闭 Pre-request Script 和 Pre-response Script v1.11.0 之后 如下脚本功能关闭,如需打开,请联系管理员添加. 在 db, mail 同级配置 scriptEnable: true, 并重启服务 即可 Co-authored-by: ariesly --- common/postmanLib.js | 10 ++++++-- package-lock.json | 42 +++++++++++++-------------------- package.json | 2 +- server/controllers/base.js | 8 +++---- server/middleware/mockServer.js | 2 +- 5 files changed, 31 insertions(+), 33 deletions(-) diff --git a/common/postmanLib.js b/common/postmanLib.js index 63f904277..00d94fca5 100644 --- a/common/postmanLib.js +++ b/common/postmanLib.js @@ -300,7 +300,13 @@ async function crossRequest(defaultOptions, preScript, afterScript, commonContex axios: axios }); - if (preScript) { + let scriptEnable = false; + try { + const yapi = require('../server/yapi'); + scriptEnable = yapi.WEBCONFIG.scriptEnable === true; + } catch (err) {} + + if (preScript && scriptEnable) { context = await sandbox(context, preScript); defaultOptions.url = options.url = URL.format({ protocol: urlObj.protocol, @@ -340,7 +346,7 @@ async function crossRequest(defaultOptions, preScript, afterScript, commonContex }); } - if (afterScript) { + if (afterScript && scriptEnable) { context.responseData = data.res.body; context.responseHeader = data.res.header; context.responseStatus = data.res.status; diff --git a/package-lock.json b/package-lock.json index 15e612d70..b289f8f3a 100644 --- a/package-lock.json +++ b/package-lock.json 
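Review bot: The empty `catch (err) {}` after `require('../server/yapi')` in the first `crossRequest` hunk swallows every failure, so a broken require path or a missing `WEBCONFIG` cannot be told apart from an administrator leaving `scriptEnable` off. Defaulting to `false` is the right fail-closed choice for a switch that guards script execution, but the intent should be written down, e.g. `} catch (err) { /* server config not loadable here: keep scripts disabled */ }`. Because the flag is compared with `=== true`, a configured value of `"true"` or `1` also leaves scripts off, which deserves a line in the same comment. `crossRequest` starts and ends outside the hunk.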
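Review bot: When `scriptEnable` is false, `if (afterScript && scriptEnable)` skips a configured after-script without any signal to the caller, and the same is true of `preScript` in the previous hunk. If checks on the response live in that script, the request would appear to complete normally although they never ran; whether anything else reports the skip is not visible in this hunk. At minimum the behaviour should be stated at the guard, e.g. `// scriptEnable off: the script is skipped, not rejected, and the caller receives the unprocessed response`. The enclosing function continues past the end of the hunk.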
@@ -157,16 +157,16 @@ }, "@types/mkdirp": { "version": "0.5.2", - "resolved": "https://repo.corp.qunar.com/artifactory/api/npm/npm-qunar/@types/mkdirp/download/@types/mkdirp-0.5.2.tgz", - "integrity": "sha1-UDqs/lzCcD1UhDJrGyfvpnoznB8=", + "resolved": "https://registry.npmmirror.com/@types/mkdirp/-/mkdirp-0.5.2.tgz", + "integrity": "sha512-U5icWpv7YnZYGsN4/cmh3WD2onMY0aJIiTE6+51TwJCttdHvtCYmkBNOobHlXwrJRL0nkH9jH4kD+1FAdMN4Tg==", "requires": { "@types/node": "*" } }, "@types/mz": { "version": "0.0.32", - "resolved": "https://repo.corp.qunar.com/artifactory/api/npm/npm-qunar/@types/mz/download/@types/mz-0.0.32.tgz", - "integrity": "sha1-6CSLTkFCTAUu3Bcl3TNlDDE6Nlk=", + "resolved": "https://registry.npmmirror.com/@types/mz/-/mz-0.0.32.tgz", + "integrity": "sha512-cy3yebKhrHuOcrJGkfwNHhpTXQLgmXSv1BX+4p32j+VUQ6aP2eJ5cL7OvGcAQx75fCTFaAIIAKewvqL+iwSd4g==", "requires": { "@types/node": "*" } @@ -6281,11 +6281,6 @@ "randombytes": "^2.0.0" } }, - "dify": { - "version": "1.0.5", - "resolved": "https://repo.corp.qunar.com/artifactory/api/npm/npm-qunar/dify/download/dify-1.0.5.tgz", - "integrity": "sha1-LpsBVOwTCrklVyasTOzrnXM4zwM=" - }, "dir-glob": { "version": "2.0.0", "resolved": "http://registry.npm.taobao.org/dir-glob/download/dir-glob-2.0.0.tgz", @@ -16063,12 +16058,9 @@ } }, "ntils": { - "version": "4.1.0", - "resolved": "https://repo.corp.qunar.com/artifactory/api/npm/npm-qunar/ntils/download/ntils-4.1.0.tgz", - "integrity": "sha1-T70d0UrBfeHMNa2G6a/QGEtrMFc=", - "requires": { - "dify": "^1.0.2" - } + "version": "4.2.0", + "resolved": "https://registry.npmmirror.com/ntils/-/ntils-4.2.0.tgz", + "integrity": "sha512-0hkj8o0r2AWTfdg9l+s2x0EYEVgTGxXMHWoCXhPfWaOsjL+79fImaLRIGbgTPBfI1p8zCg/zSP3AXy6iy2qghQ==" }, "num2fraction": { "version": "1.2.2", 
@@ -22127,8 +22119,8 @@ }, "safeify": { "version": "5.0.5", - "resolved": "https://repo.corp.qunar.com/artifactory/api/npm/npm-qunar/safeify/download/safeify-5.0.5.tgz", - "integrity": "sha1-jTS/53q45WHKE2TBgPXijD+SFhc=", + "resolved": "https://registry.npmmirror.com/safeify/-/safeify-5.0.5.tgz", + "integrity": "sha512-ZDSsl4qA1fWe+/F/diGIPg58fDhwPUaANlZBOiEMVzW4ZmdUr9W4ED05A23X9gMyQEPiKmKMa7t+2sL5cR2ewg==", "requires": { "@types/mkdirp": "^0.5.2", "@types/mz": "^0.0.32", @@ -22631,8 +22623,8 @@ }, "shify": { "version": "3.0.6", - "resolved": "https://repo.corp.qunar.com/artifactory/api/npm/npm-qunar/shify/download/shify-3.0.6.tgz", - "integrity": "sha1-TfJ+e4W66IRGmkdouI8vJ4QFEDs=", + "resolved": "https://registry.npmmirror.com/shify/-/shify-3.0.6.tgz", + "integrity": "sha512-BtQxYyIx5plcMSoZZYMQafh8Go8wRRlOdWXehdli7YfMsg3SLtYqnLk8PB8tMIXWrZdE8e0gBCfY4JSa9BiA+w==", "requires": { "ntils": "^2.1.2", "stp": "^0.0.4" @@ -22640,8 +22632,8 @@ "dependencies": { "ntils": { "version": "2.1.2", - "resolved": "https://repo.corp.qunar.com/artifactory/api/npm/npm-qunar/ntils/download/ntils-2.1.2.tgz", - "integrity": "sha1-d9PWWD6PycuzydjlsX+RpV2EKq8=" + "resolved": "https://registry.npmmirror.com/ntils/-/ntils-2.1.2.tgz", + "integrity": "sha512-DUFVS/SIHTvwG9zSRHfajruSaydSdhu871tN2F6+KjnOi9pzjjXZ/IpoZbAjPthLDKedOHS/6COy/drTyzt+AA==" } } }, @@ -23525,8 +23517,8 @@ }, "stp": { "version": "0.0.4", - "resolved": "https://repo.corp.qunar.com/artifactory/api/npm/npm-qunar/stp/download/stp-0.0.4.tgz", - "integrity": "sha1-72vVDhs6Ec96+m7BZeJH3+DBeYI=" + "resolved": "https://registry.npmmirror.com/stp/-/stp-0.0.4.tgz", + "integrity": "sha512-Skret+kXnxeIcxzt3WK0Ub60st6NhVDvCBTJqYgYrNzF8MuBym3aPLIE8NQp0J2KfDofTD1oAw9luHz7ce4ZGQ==" }, "stream-browserify": { "version": "2.0.1", 
@@ -24584,8 +24576,8 @@ }, "tslib": { "version": "1.8.0", - "resolved": "http://npmrepo.corp.qunar.com/tslib/-/tslib-1.8.0.tgz", - "integrity": "sha1-3GBOutZLy/aW1hPabJVKoOfqHrY=" + "resolved": "https://registry.npmmirror.com/tslib/-/tslib-1.8.0.tgz", + "integrity": "sha512-ymKWWZJST0/CkgduC2qkzjMOWr4bouhuURNXCn/inEX0L57BnRG6FhX76o7FOnsjHazCjfU2LKeSrlS2sIKQJg==" }, "tty-browserify": { "version": "0.0.0", diff --git a/package.json b/package.json index e80a4a515..1b05f8db6 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "yapi-vendor", - "version": "1.10.2", + "version": "1.11.0", "description": "YAPI", "main": "server/app.js", "scripts": { diff --git a/server/controllers/base.js b/server/controllers/base.js index 38ec33b31..fd7a2827d 100755 --- a/server/controllers/base.js +++ b/server/controllers/base.js @@ -59,8 +59,8 @@ class baseController { let token = params.token; // 如果前缀是 /api/open,执行 parse token 逻辑 - if (token && (openApiRouter.indexOf(ctx.path) > -1 || ctx.path.indexOf('/api/open/') === 0 )) { - + if (token && typeof token === 'string' && (openApiRouter.indexOf(ctx.path) > -1 || ctx.path.indexOf('/api/open/') === 0 )) { + let tokens = parseToken(token) const oldTokenUid = '999999' @@ -83,7 +83,7 @@ class baseController { // } // return (this.$tokenAuth = true); // } - + let checkId = await this.getProjectIdByToken(token); if(!checkId){ ctx.body = yapi.commons.resReturn(null, 42014, 'token 无效'); @@ -105,7 +105,7 @@ class baseController { let userInst = yapi.getInst(userModel); //创建user实体 result = await userInst.findById(tokenUid); } - + this.$user = result; this.$auth = true; } diff --git a/server/middleware/mockServer.js b/server/middleware/mockServer.js index c77d9ebcd..b188fea45 100755 --- a/server/middleware/mockServer.js +++ b/server/middleware/mockServer.js 
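Review bot: The `typeof token === 'string'` test added to the `/api/open` condition in `server/controllers/base.js` validates the value at this one call site only; `getProjectIdByToken`, which receives it a few lines later and is defined outside this diff, still accepts whatever it is given. `token` is read from `params.token`, so it can be any type the request parser produces, and any other caller of that lookup would need the same care. Putting the check where the lookup starts, e.g. `if (typeof token !== 'string') return null;` at the top of `getProjectIdByToken`, covers every caller, and the existing `if(!checkId)` branch would then answer with the 42014 'token 无效' response. As written, a non-string token on an open-API path is not rejected but skips the block entirely, so the outcome depends on code after the `if` that the hunk does not show.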
@@ -328,7 +328,7 @@ module.exports = async (ctx, next) => { if (project.is_mock_open && project.project_mock_script) { // 项目层面的mock脚本解析 let script = project.project_mock_script; - yapi.commons.handleMockScript(script, context); + await yapi.commons.handleMockScript(script, context); } await yapi.emitHook('mock_after', context);
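Review bot: The project-level mock script still runs whenever `project.is_mock_open && project.project_mock_script` holds, and nothing in this hunk consults the `scriptEnable` switch that the same commit introduces in `common/postmanLib.js`. If `handleMockScript` (defined outside this diff) does not check the flag itself and the switch is meant to cover every user-supplied script, the condition would become `if (yapi.WEBCONFIG.scriptEnable === true && project.is_mock_open && project.project_mock_script) {`. With the added `await`, a rejection from the script now surfaces in this middleware, so the enclosing function, which begins and ends outside the hunk, should be confirmed to catch it.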