Bugfix 2022 11 01 (#2628)

ariesly15 · ariesly · web-flow · commit 59bade3a8a43 · 2022-11-01T23:00:20.000+08:00
* fix: 修复【Mongo 注入获取 token】的问题

* chore: up version

* chore: 关闭 Pre-request Script 和 Pre-response Script

v1.11.0 之后 如下脚本功能关闭,如需打开,请联系管理员添加. 在 db, mail 同级配置 scriptEnable: true, 并重启服务 即可

Co-authored-by: ariesly &lt;ariesly@arieslymac13.local&gt;
diff --git a/common/postmanLib.js b/common/postmanLib.js
@@ -300,7 +300,13 @@ async function crossRequest(defaultOptions, preScript, afterScript, commonContex
     axios: axios
   });
 
-  if (preScript) {
+  let scriptEnable = false;
+  try {
+    const yapi = require('../server/yapi');
+    scriptEnable = yapi.WEBCONFIG.scriptEnable === true;
+  } catch (err) {}
+
+  if (preScript && scriptEnable) {
     context = await sandbox(context, preScript);
     defaultOptions.url = options.url = URL.format({
       protocol: urlObj.protocol,
@@ -340,7 +346,7 @@ async function crossRequest(defaultOptions, preScript, afterScript, commonContex
     });
   }
 
-  if (afterScript) {
+  if (afterScript && scriptEnable) {
     context.responseData = data.res.body;
     context.responseHeader = data.res.header;
     context.responseStatus = data.res.status;
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "yapi-vendor",
-  "version": "1.10.2",
+  "version": "1.11.0",
   "description": "YAPI",
   "main": "server/app.js",
   "scripts": {
diff --git a/server/controllers/base.js b/server/controllers/base.js
@@ -59,8 +59,8 @@ class baseController {
     let token = params.token;
 
     // 如果前缀是 /api/open，执行 parse token 逻辑
-    if (token && (openApiRouter.indexOf(ctx.path) > -1 || ctx.path.indexOf('/api/open/') === 0 )) {
-      
+    if (token && typeof token === 'string' && (openApiRouter.indexOf(ctx.path) > -1 || ctx.path.indexOf('/api/open/') === 0 )) {
+
       let tokens = parseToken(token)
 
       const oldTokenUid = '999999'
@@ -83,7 +83,7 @@ class baseController {
       //   }
       //   return (this.$tokenAuth = true);
       // }
-      
+
       let checkId = await this.getProjectIdByToken(token);
       if(!checkId){
         ctx.body = yapi.commons.resReturn(null, 42014, 'token 无效');
@@ -105,7 +105,7 @@ class baseController {
           let userInst = yapi.getInst(userModel); //创建user实体
           result = await userInst.findById(tokenUid);
         }
-        
+
         this.$user = result;
         this.$auth = true;
       }
diff --git a/server/middleware/mockServer.js b/server/middleware/mockServer.js
@@ -328,7 +328,7 @@ module.exports = async (ctx, next) => {
       if (project.is_mock_open && project.project_mock_script) {
         // 项目层面的mock脚本解析
         let script = project.project_mock_script;
-        yapi.commons.handleMockScript(script, context);
+        await yapi.commons.handleMockScript(script, context);
       }
 
       await yapi.emitHook('mock_after', context);

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "yapi-vendor",`
`3`		`- "version": "1.10.2",`
	`3`	`+ "version": "1.11.0",`
`4`	`4`	`"description": "YAPI",`
`5`	`5`	`"main": "server/app.js",`
`6`	`6`	`"scripts": {`
Original file line number	Diff line number	Diff line change
`@@ -328,7 +328,7 @@ module.exports = async (ctx, next) => {`
`328`	`328`	`if (project.is_mock_open && project.project_mock_script) {`
`329`	`329`	`// 项目层面的mock脚本解析`
`330`	`330`	`let script = project.project_mock_script;`
`331`		`- yapi.commons.handleMockScript(script, context);`
	`331`	`+ await yapi.commons.handleMockScript(script, context);`
`332`	`332`	`}`
`333`	`333`
`334`	`334`	`await yapi.emitHook('mock_after', context);`