Bugfix 2022 11 01 (#2628)

* fix: 修复【Mongo 注入获取 token】的问题 * chore: up version * chore: 关闭 Pre-request Script 和 Pre-response Script v1.11.0 之后如下脚本功能关闭,如需打开,请联系管理员添加. 在 db, mail 同级配置 scriptEnable: true, 并重启服务即可 Co-authored-by: ariesly <ariesly@arieslymac13.local>
2025-04-24 15:30:44 +08:00 · 2022-11-01 23:00:20 +08:00 · 2022-11-01 23:00:20 +08:00 · 59bade3a8a
commit 59bade3a8a
parent ed6771a25a
5 changed files with 31 additions and 33 deletions
--- a/common/postmanLib.js
+++ b/common/postmanLib.js
@ -300,7 +300,13 @@ async function crossRequest(defaultOptions, preScript, afterScript, commonContex
    axios: axios
  });

-  if (preScript) {
+  let scriptEnable = false;
+  try {
+    const yapi = require('../server/yapi');
+    scriptEnable = yapi.WEBCONFIG.scriptEnable === true;
+  } catch (err) {}
+
+  if (preScript && scriptEnable) {
    context = await sandbox(context, preScript);
    defaultOptions.url = options.url = URL.format({
      protocol: urlObj.protocol,
@ -340,7 +346,7 @@ async function crossRequest(defaultOptions, preScript, afterScript, commonContex
    });
  }

-  if (afterScript) {
+  if (afterScript && scriptEnable) {
    context.responseData = data.res.body;
    context.responseHeader = data.res.header;
    context.responseStatus = data.res.status;
--- a/package-lock.json
+++ b/package-lock.json
@ -157,16 +157,16 @@
    },
    "@types/mkdirp": {
      "version": "0.5.2",
-      "resolved": "https://repo.corp.qunar.com/artifactory/api/npm/npm-qunar/@types/mkdirp/download/@types/mkdirp-0.5.2.tgz",
-      "integrity": "sha1-UDqs/lzCcD1UhDJrGyfvpnoznB8=",
+      "resolved": "https://registry.npmmirror.com/@types/mkdirp/-/mkdirp-0.5.2.tgz",
+      "integrity": "sha512-U5icWpv7YnZYGsN4/cmh3WD2onMY0aJIiTE6+51TwJCttdHvtCYmkBNOobHlXwrJRL0nkH9jH4kD+1FAdMN4Tg==",
      "requires": {
        "@types/node": "*"
      }
    },
    "@types/mz": {
      "version": "0.0.32",
-      "resolved": "https://repo.corp.qunar.com/artifactory/api/npm/npm-qunar/@types/mz/download/@types/mz-0.0.32.tgz",
-      "integrity": "sha1-6CSLTkFCTAUu3Bcl3TNlDDE6Nlk=",
+      "resolved": "https://registry.npmmirror.com/@types/mz/-/mz-0.0.32.tgz",
+      "integrity": "sha512-cy3yebKhrHuOcrJGkfwNHhpTXQLgmXSv1BX+4p32j+VUQ6aP2eJ5cL7OvGcAQx75fCTFaAIIAKewvqL+iwSd4g==",
      "requires": {
        "@types/node": "*"
      }
@ -6281,11 +6281,6 @@
        "randombytes": "^2.0.0"
      }
    },
-    "dify": {
-      "version": "1.0.5",
-      "resolved": "https://repo.corp.qunar.com/artifactory/api/npm/npm-qunar/dify/download/dify-1.0.5.tgz",
-      "integrity": "sha1-LpsBVOwTCrklVyasTOzrnXM4zwM="
-    },
    "dir-glob": {
      "version": "2.0.0",
      "resolved": "http://registry.npm.taobao.org/dir-glob/download/dir-glob-2.0.0.tgz",
@ -16063,12 +16058,9 @@
      }
    },
    "ntils": {
-      "version": "4.1.0",
-      "resolved": "https://repo.corp.qunar.com/artifactory/api/npm/npm-qunar/ntils/download/ntils-4.1.0.tgz",
-      "integrity": "sha1-T70d0UrBfeHMNa2G6a/QGEtrMFc=",
-      "requires": {
-        "dify": "^1.0.2"
-      }
+      "version": "4.2.0",
+      "resolved": "https://registry.npmmirror.com/ntils/-/ntils-4.2.0.tgz",
+      "integrity": "sha512-0hkj8o0r2AWTfdg9l+s2x0EYEVgTGxXMHWoCXhPfWaOsjL+79fImaLRIGbgTPBfI1p8zCg/zSP3AXy6iy2qghQ=="
    },
    "num2fraction": {
      "version": "1.2.2",
@ -22127,8 +22119,8 @@
    },
    "safeify": {
      "version": "5.0.5",
-      "resolved": "https://repo.corp.qunar.com/artifactory/api/npm/npm-qunar/safeify/download/safeify-5.0.5.tgz",
-      "integrity": "sha1-jTS/53q45WHKE2TBgPXijD+SFhc=",
+      "resolved": "https://registry.npmmirror.com/safeify/-/safeify-5.0.5.tgz",
+      "integrity": "sha512-ZDSsl4qA1fWe+/F/diGIPg58fDhwPUaANlZBOiEMVzW4ZmdUr9W4ED05A23X9gMyQEPiKmKMa7t+2sL5cR2ewg==",
      "requires": {
        "@types/mkdirp": "^0.5.2",
        "@types/mz": "^0.0.32",
@ -22631,8 +22623,8 @@
    },
    "shify": {
      "version": "3.0.6",
-      "resolved": "https://repo.corp.qunar.com/artifactory/api/npm/npm-qunar/shify/download/shify-3.0.6.tgz",
-      "integrity": "sha1-TfJ+e4W66IRGmkdouI8vJ4QFEDs=",
+      "resolved": "https://registry.npmmirror.com/shify/-/shify-3.0.6.tgz",
+      "integrity": "sha512-BtQxYyIx5plcMSoZZYMQafh8Go8wRRlOdWXehdli7YfMsg3SLtYqnLk8PB8tMIXWrZdE8e0gBCfY4JSa9BiA+w==",
      "requires": {
        "ntils": "^2.1.2",
        "stp": "^0.0.4"
@ -22640,8 +22632,8 @@
      "dependencies": {
        "ntils": {
          "version": "2.1.2",
-          "resolved": "https://repo.corp.qunar.com/artifactory/api/npm/npm-qunar/ntils/download/ntils-2.1.2.tgz",
-          "integrity": "sha1-d9PWWD6PycuzydjlsX+RpV2EKq8="
+          "resolved": "https://registry.npmmirror.com/ntils/-/ntils-2.1.2.tgz",
+          "integrity": "sha512-DUFVS/SIHTvwG9zSRHfajruSaydSdhu871tN2F6+KjnOi9pzjjXZ/IpoZbAjPthLDKedOHS/6COy/drTyzt+AA=="
        }
      }
    },
@ -23525,8 +23517,8 @@
    },
    "stp": {
      "version": "0.0.4",
-      "resolved": "https://repo.corp.qunar.com/artifactory/api/npm/npm-qunar/stp/download/stp-0.0.4.tgz",
-      "integrity": "sha1-72vVDhs6Ec96+m7BZeJH3+DBeYI="
+      "resolved": "https://registry.npmmirror.com/stp/-/stp-0.0.4.tgz",
+      "integrity": "sha512-Skret+kXnxeIcxzt3WK0Ub60st6NhVDvCBTJqYgYrNzF8MuBym3aPLIE8NQp0J2KfDofTD1oAw9luHz7ce4ZGQ=="
    },
    "stream-browserify": {
      "version": "2.0.1",
@ -24584,8 +24576,8 @@
    },
    "tslib": {
      "version": "1.8.0",
-      "resolved": "http://npmrepo.corp.qunar.com/tslib/-/tslib-1.8.0.tgz",
-      "integrity": "sha1-3GBOutZLy/aW1hPabJVKoOfqHrY="
+      "resolved": "https://registry.npmmirror.com/tslib/-/tslib-1.8.0.tgz",
+      "integrity": "sha512-ymKWWZJST0/CkgduC2qkzjMOWr4bouhuURNXCn/inEX0L57BnRG6FhX76o7FOnsjHazCjfU2LKeSrlS2sIKQJg=="
    },
    "tty-browserify": {
      "version": "0.0.0",
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "yapi-vendor",
-  "version": "1.10.2",
+  "version": "1.11.0",
  "description": "YAPI",
  "main": "server/app.js",
  "scripts": {
--- a/server/controllers/base.js
+++ b/server/controllers/base.js
@ -59,8 +59,8 @@ class baseController {
    let token = params.token;

    // 如果前缀是 /api/open，执行 parse token 逻辑
-    if (token && (openApiRouter.indexOf(ctx.path) > -1 || ctx.path.indexOf('/api/open/') === 0 )) {
-      
+    if (token && typeof token === 'string' && (openApiRouter.indexOf(ctx.path) > -1 || ctx.path.indexOf('/api/open/') === 0 )) {
+
      let tokens = parseToken(token)

      const oldTokenUid = '999999'
@ -83,7 +83,7 @@ class baseController {
      //   }
      //   return (this.$tokenAuth = true);
      // }
-      
+
      let checkId = await this.getProjectIdByToken(token);
      if(!checkId){
        ctx.body = yapi.commons.resReturn(null, 42014, 'token 无效');
@ -105,7 +105,7 @@ class baseController {
          let userInst = yapi.getInst(userModel); //创建user实体
          result = await userInst.findById(tokenUid);
        }
-        
+
        this.$user = result;
        this.$auth = true;
      }
--- a/server/middleware/mockServer.js
+++ b/server/middleware/mockServer.js
@ -328,7 +328,7 @@ module.exports = async (ctx, next) => {
      if (project.is_mock_open && project.project_mock_script) {
        // 项目层面的mock脚本解析
        let script = project.project_mock_script;
-        yapi.commons.handleMockScript(script, context);
+        await yapi.commons.handleMockScript(script, context);
      }

      await yapi.emitHook('mock_after', context);