Merge branch 'master' into master

2025-03-31 14:50:26 +08:00 · 2021-08-23 15:47:34 +08:00 · 2021-08-23 15:47:34 +08:00 · 0eb16a779c
commit 0eb16a779c
parent 10164dc2ca d2e67414d5
7 changed files with 39 additions and 10 deletions
--- a/README.md
+++ b/README.md
@ -2,7 +2,7 @@

 体验地址：

-[https://yapi.baidu.com](https://yapi.baidu.com)
+[http://yapi.smart-xwork.cn/](http://yapi.smart-xwork.cn/)

 文档：
 <p><a target="_blank" href="https://hellosean1025.github.io/yapi">hellosean1025.github.io/yapi</a></p>
@ -60,6 +60,7 @@ YApi 是<strong>高效</strong>、<strong>易用</strong>、<strong>功能强大
 * [使用 YApi 管理 API 文档，测试， mock](https://juejin.im/post/5acc879f6fb9a028c42e8822)
 * [自动更新 Swagger 接口数据到 YApi 平台](https://juejin.im/post/5af500e251882567096140dd)
 * [自动化测试](https://juejin.im/post/5a388892f265da430e4f4681)
+* [GTest(基于YApi)接口研发效能提升10倍 实战](https://mp.weixin.qq.com/s/z66f7bRX8aAOppAtBIB7Uw)

 ### YApi 插件
 * [yapi sso 登录插件](https://github.com/YMFE/yapi-plugin-qsso)
@ -75,6 +76,7 @@ YApi 是<strong>高效</strong>、<strong>易用</strong>、<strong>功能强大
 ### 代码生成
 * [yapi-to-typescript：根据 YApi 的接口定义生成 TypeScript 的请求函数](https://github.com/fjc0k/yapi-to-typescript)
 * [yapi-gen-js-code: 根据 YApi 的接口定义生成 javascript 的请求函数](https://github.com/hellosean1025/yapi-gen-js-code)
+* [SwiftJSONModeler:根据 YApi 的接口生成 Swift 模型代码](https://github.com/CodeOcenS/SwiftJSONModeler)

 ### YApi docker部署（非官方）
 * [使用 alpine 版 docker 镜像快速部署 yapi](https://www.jianshu.com/p/a97d2efb23c5)
@ -90,6 +92,7 @@ YApi 是<strong>高效</strong>、<strong>易用</strong>、<strong>功能强大
 * [idea 接口上传调试插件 easy-yapi](https://easyyapi.com/)
 * [执行 postgres sql 的服务](https://github.com/shouldnotappearcalm/http-postgres-server)
 * [SpringBoot依赖自动生成YApi](https://github.com/NoBugBoy/YDoc)
+* [Yapi X 一键生成接口文档, 上传到yapi, rap2, eolinker等（IDEA插件）](https://github.com/jetplugins/yapix)

 ### YApi 的一些客户
 * 去哪儿
@ -109,6 +112,8 @@ YApi 是<strong>高效</strong>、<strong>易用</strong>、<strong>功能强大
 * 新浪
 * VIPKID
 * 马蜂窝
+* 伴鱼
+* 旷视科技

 ### Authors
 * [hellosean1025](https://github.com/hellosean1025)
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,5 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please report security issues at js@liyi.im
--- a/docs/documents/plugin-list.md
+++ b/docs/documents/plugin-list.md
@ -7,4 +7,5 @@ Fork [yapi](https://github.com/YMFE/yapi), 然后修改 docs/documents/plugin-li
 * [qsso](https://github.com/ymfe/yapi-plugin-qsso) sso 第三方登录
 * [import-rap](https://github.com/wxxcarl/yapi-plugin-import-rap) 从rap中导入项目
 * [export-docx-data](https://github.com/inceptiongt/Yapi-plugin-export-docx-data) 数据导出docx文档
-* [import-swagger-customize](https://github.com/follow-my-heart/yapi-plugin-import-swagger-customize) 导入指定swagger接口
+* [import-swagger-customize](https://github.com/follow-my-heart/yapi-plugin-import-swagger-customize) 导入指定swagger接口
+* [autotest](https://github.com/duicym/yapi-plugin-autotest) 定时自动测试发送钉钉插件
--- a/exts/yapi-plugin-advanced-mock/server.js
+++ b/exts/yapi-plugin-advanced-mock/server.js
@ -207,6 +207,6 @@ module.exports = function() {

    // mock 脚本
    let script = data.mock_script;
-    yapi.commons.handleMockScript(script, context);
+    await yapi.commons.handleMockScript(script, context);
  });
 };
--- a/package.json
+++ b/package.json
@ -74,16 +74,17 @@
    "node-schedule": "^1.3.2",
    "nodemailer": "4.0.1",
    "os": "0.1.1",
+    "qs": "^6.7.0",
    "request": "2.81.0",
+    "safeify": "^5.0.5",
    "sha.js": "2.4.9",
    "sha1": "1.1.1",
    "swagger-client": "^3.5.1",
    "tslib": "1.8.0",
    "underscore": "1.8.3",
    "url": "0.11.0",
-    "yapi-plugin-qsso": "^1.1.0",
-    "qs": "^6.7.0",
-    "vm2": "^3.8.4"
+    "vm2": "^3.8.4",
+    "yapi-plugin-qsso": "^1.1.0"
  },
  "devDependencies": {
    "antd": "3.2.2",
--- a/server/utils/commons.js
+++ b/server/utils/commons.js
@ -13,6 +13,7 @@ const json5 = require('json5');
 const _ = require('underscore');
 const Ajv = require('ajv');
 const Mock = require('mockjs');
+const sandboxFn = require('./sandbox')



@ -576,7 +577,7 @@ ${JSON.stringify(schema, null, 2)}`)
      // script 是断言
      if (globalScript) {
        logs.push('执行脚本：' + globalScript)
-        result = yapi.commons.sandbox(context, globalScript);
+        result = await sandboxFn(context, globalScript);
      }
    }

@ -585,7 +586,7 @@ ${JSON.stringify(schema, null, 2)}`)
    // script 是断言
    if (script) {
      logs.push('执行脚本:' + script)
-      result = yapi.commons.sandbox(context, script);
+      result = await sandboxFn(context, script);
    }
    result.logs = logs;
    return yapi.commons.resReturn(result);
@ -613,7 +614,7 @@ exports.getUserdata = async function getUserdata(uid, role) {
 };

 // 处理mockJs脚本
-exports.handleMockScript = function (script, context) {
+exports.handleMockScript = async function (script, context) {
  let sandbox = {
    header: context.ctx.header,
    query: context.ctx.query,
@ -632,7 +633,7 @@ exports.handleMockScript = function (script, context) {
      var parts = Cookie.split('=');
      sandbox.cookie[parts[0].trim()] = (parts[1] || '').trim();
    });
-  sandbox = yapi.commons.sandbox(sandbox, script);
+  sandbox = await sandboxFn(sandbox, script);
  sandbox.delay = isNaN(sandbox.delay) ? 0 : +sandbox.delay;

  context.mockJson = sandbox.mockJson;
--- a/server/utils/sandbox.js
+++ b/server/utils/sandbox.js
@ -0,0 +1,16 @@
+const Safeify = require('safeify').default;
+
+module.exports = async function sandboxFn(context, script) {
+    // 创建 safeify 实例
+    const safeVm = new Safeify({
+        timeout: 3000,
+        asyncTimeout: 60000
+    })
+
+    // 执行动态代码
+    const result = await safeVm.run(script, context)
+
+    // 释放资源
+    safeVm.destroy()
+    return result
+}