Bugfix 2022 11 01 (#2628)

* fix: 修复【Mongo 注入获取 token】的问题 * chore: up version * chore: 关闭 Pre-request Script 和 Pre-response Script v1.11.0 之后如下脚本功能关闭,如需打开,请联系管理员添加. 在 db, mail 同级配置 scriptEnable: true, 并重启服务即可 Co-authored-by: ariesly <[email protected]>
YMFE · Nov 1, 2022 · 59bade3 · GpingFeng · Nov 11, 2022 · tangpo
1 parent ed6771a
commit 59bade3
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 33 deletions.
diff --git a/common/postmanLib.js b/common/postmanLib.js
@@ -300,7 +300,13 @@ async function crossRequest(defaultOptions, preScript, afterScript, commonContex
     axios: axios
   });
 
-  if (preScript) {
+  let scriptEnable = false;
+  try {
+    const yapi = require('../server/yapi');
+    scriptEnable = yapi.WEBCONFIG.scriptEnable === true;
+  } catch (err) {}
+
+  if (preScript && scriptEnable) {
     context = await sandbox(context, preScript);
     defaultOptions.url = options.url = URL.format({
       protocol: urlObj.protocol,
@@ -340,7 +346,7 @@ async function crossRequest(defaultOptions, preScript, afterScript, commonContex
     });
   }
 
-  if (afterScript) {
+  if (afterScript && scriptEnable) {
     context.responseData = data.res.body;
     context.responseHeader = data.res.header;
     context.responseStatus = data.res.status;

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "yapi-vendor",
-  "version": "1.10.2",
+  "version": "1.11.0",
   "description": "YAPI",
   "main": "server/app.js",
   "scripts": {

diff --git a/server/controllers/base.js b/server/controllers/base.js
@@ -59,8 +59,8 @@ class baseController {
     let token = params.token;
 
     // 如果前缀是 /api/open，执行 parse token 逻辑
-    if (token && (openApiRouter.indexOf(ctx.path) > -1 || ctx.path.indexOf('/api/open/') === 0 )) {
-      
+    if (token && typeof token === 'string' && (openApiRouter.indexOf(ctx.path) > -1 || ctx.path.indexOf('/api/open/') === 0 )) {
+
       let tokens = parseToken(token)
 
       const oldTokenUid = '999999'
@@ -83,7 +83,7 @@ class baseController {
       //   }
       //   return (this.$tokenAuth = true);
       // }
-      
+
       let checkId = await this.getProjectIdByToken(token);
       if(!checkId){
         ctx.body = yapi.commons.resReturn(null, 42014, 'token 无效');
@@ -105,7 +105,7 @@ class baseController {
           let userInst = yapi.getInst(userModel); //创建user实体
           result = await userInst.findById(tokenUid);
         }
-        
+
         this.$user = result;
         this.$auth = true;
       }

diff --git a/server/middleware/mockServer.js b/server/middleware/mockServer.js
@@ -328,7 +328,7 @@ module.exports = async (ctx, next) => {
       if (project.is_mock_open && project.project_mock_script) {
         // 项目层面的mock脚本解析
         let script = project.project_mock_script;
-        yapi.commons.handleMockScript(script, context);
+        await yapi.commons.handleMockScript(script, context);
       }
 
       await yapi.emitHook('mock_after', context);