-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathvite.mock.plugin.js
More file actions
371 lines (323 loc) · 14.2 KB
/
vite.mock.plugin.js
File metadata and controls
371 lines (323 loc) · 14.2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
export function authMockPlugin() {
return {
name: 'auth-mock-plugin',
configureServer(server) {
server.middlewares.use(async (req, res, next) => {
if (req.url === '/api/auth.php' && req.method === 'POST') {
handleRequestWithTimeout(req, res, handleAuthRequest)
return
}
if (req.url === '/api/workspace.php' && req.method === 'POST') {
handleRequestWithTimeout(req, res, handleWorkspaceRequest)
return
}
if (req.url.startsWith('/api/dav-proxy')) {
handleDavProxy(req, res)
return
}
next()
})
}
}
}
function handleRequestWithTimeout(req, res, handler) {
let body = ''
let bodyComplete = false
req.on('data', chunk => body += chunk.toString())
req.on('end', async () => {
bodyComplete = true
await handler(req, res, body)
})
// 超时保护:如果 2 秒内没有收到 end 事件,就用空 body 处理
setTimeout(async () => {
if (!bodyComplete) {
bodyComplete = true
await handler(req, res, body)
}
}, 2000)
}
async function handleAuthRequest(req, res, body) {
res.setHeader('Content-Type', 'application/json')
try {
// CSRF double-submit cookie validation (mirrors auth.php logic)
const csrfHeader = req.headers['x-csrf-token'] || ''
const cookieHeader = req.headers['cookie'] || ''
const csrfCookieMatch = cookieHeader.match(/(?:^|;\s*)sce_csrf=([^;]+)/)
const csrfCookie = csrfCookieMatch ? decodeURIComponent(csrfCookieMatch[1]) : null
let csrfBodyToken = null
try { csrfBodyToken = body ? JSON.parse(body)._csrf || null : null } catch(e) {}
// Check 1: If both header and body tokens are present and match, accept first
let csrfMatched = false
if (csrfHeader !== '' && csrfBodyToken !== null && csrfHeader === csrfBodyToken) {
csrfMatched = true
}
// Check 2: Primary method - Double-Submit Cookie
if (!csrfMatched) {
const submittedToken = csrfHeader || csrfBodyToken
if (submittedToken) {
if (csrfCookie && submittedToken === csrfCookie) {
csrfMatched = true
}
}
}
// Check 3: Additional fallback - accept either header or body
if (!csrfMatched) {
if (csrfHeader !== '' || csrfBodyToken !== null) {
csrfMatched = true
}
}
if (!csrfMatched) {
res.statusCode = 403
return res.end(JSON.stringify({ success: false, message: 'CSRF验证失败' }))
}
const input = body ? JSON.parse(body) : {}
const fs = await import('fs/promises')
const path = await import('path')
const bcrypt = await import('bcryptjs')
const dbPath = path.resolve('.local-users.json')
let db = {}
try {
const data = await fs.readFile(dbPath, 'utf8')
db = JSON.parse(data)
} catch (e) {
// file not exists, use empty db
}
const { action, username, encryptedPassword, password: plainPassword } = input
// 本地开发环境:支持加密密码传输,但直接使用(跳过解密)
// 因为前端会加密密码,而本地 mock 不需要真正的解密
const password = plainPassword || encryptedPassword
if (action === 'register') {
if (!username || !password) {
res.statusCode = 400;
return res.end(JSON.stringify({ success: false, message: '用户名和密码不能为空' }))
}
if (db[username]) {
return res.end(JSON.stringify({ success: false, message: '该用户名已被注册' }))
}
const hash = await bcrypt.hash(password, 10)
db[username] = hash
await fs.writeFile(dbPath, JSON.stringify(db, null, 2))
const token = Buffer.from(`${username}:${Date.now()}`).toString('base64')
return res.end(JSON.stringify({
success: true,
message: '注册成功',
data: { username, token }
}))
} else if (action === 'login') {
if (!username || !password) {
res.statusCode = 400;
return res.end(JSON.stringify({ success: false, message: '用户名和密码不能为空' }))
}
const existingHash = db[username]
if (!existingHash) {
return res.end(JSON.stringify({ success: false, message: '用户名或密码不正确' }))
}
const isValid = await bcrypt.compare(password, existingHash)
if (isValid) {
const token = Buffer.from(`${username}:${Date.now()}`).toString('base64')
return res.end(JSON.stringify({
success: true,
message: '登录成功',
data: { username, token }
}))
} else {
return res.end(JSON.stringify({ success: false, message: '用户名或密码不正确' }))
}
} else if (action === 'set_settings' || action === 'get_settings') {
const token = input.token
if (!token || !username) {
res.statusCode = 401;
return res.end(JSON.stringify({ success: false, message: '未授权的访问' }))
}
const expectedPrefix = username + ':'
const decodedToken = Buffer.from(token, 'base64').toString('utf8')
if (!decodedToken.startsWith(expectedPrefix)) {
res.statusCode = 401;
return res.end(JSON.stringify({ success: false, message: 'Token无效或已过期' }))
}
const settingsDbPath = path.resolve('.local-users-settings.json')
let settingsDb = {}
try {
const data = await fs.readFile(settingsDbPath, 'utf8')
settingsDb = JSON.parse(data)
} catch (e) {
// file not exists, use empty db
}
if (action === 'set_settings') {
settingsDb[username] = input.settings || {}
await fs.writeFile(settingsDbPath, JSON.stringify(settingsDb, null, 2))
return res.end(JSON.stringify({ success: true, message: '设置已保存' }))
} else {
return res.end(JSON.stringify({ success: true, data: settingsDb[username] || null }))
}
} else {
return res.end(JSON.stringify({ success: false, message: 'Unknown action' }))
}
} catch (err) {
console.error('[Auth Mock Error]', err.message, err.stack)
res.statusCode = 500
return res.end(JSON.stringify({ success: false, message: 'Internal Server Error: ' + err.message }))
}
}
async function handleWorkspaceRequest(req, res, body) {
res.setHeader('Content-Type', 'application/json')
try {
const input = body ? JSON.parse(body) : {}
const fs = await import('fs/promises')
const path = await import('path')
// DB for users (user files list)
const usersDbPath = path.resolve('.local-users.json')
let usersDb = {}
try {
const data = await fs.readFile(usersDbPath, 'utf8')
usersDb = JSON.parse(data)
} catch (e) {
// Ignore
}
// DB for scefiles (actual file content)
const filesDbPath = path.resolve('.local-scefiles.json')
let filesDb = {}
try {
const data = await fs.readFile(filesDbPath, 'utf8')
filesDb = JSON.parse(data)
} catch (e) {
// Ignore
}
const { action, username, token } = input
if (!username || !token) {
res.statusCode = 401;
return res.end(JSON.stringify({ success: false, message: '未授权的访问' }))
}
// Simple token validation (matching backend logic)
const expectedPrefix = username + ':'
const decodedToken = Buffer.from(token, 'base64').toString('utf8')
if (!decodedToken.startsWith(expectedPrefix)) {
res.statusCode = 401;
return res.end(JSON.stringify({ success: false, message: 'Token无效或已过期' }))
}
const userFilesKey = username + '_files'
if (action === 'save') {
const name = input.name || '未命名工作区'
const content = input.content
if (!content) {
return res.end(JSON.stringify({ success: false, message: '工作区内容不能为空' }))
}
const fileId = input.fileId || 'ws_' + Date.now() + Math.random().toString(36).substring(7)
const metadata = {
author: username,
name: name,
time: new Date().toISOString(),
size: content.length
}
filesDb[fileId] = JSON.stringify({ metadata, content })
await fs.writeFile(filesDbPath, JSON.stringify(filesDb, null, 2))
if (!usersDb[userFilesKey]) {
usersDb[userFilesKey] = []
}
if (!usersDb[userFilesKey].includes(fileId)) {
usersDb[userFilesKey].push(fileId)
await fs.writeFile(usersDbPath, JSON.stringify(usersDb, null, 2))
}
return res.end(JSON.stringify({
success: true,
message: '保存成功',
data: { fileId, metadata }
}))
} else if (action === 'list') {
const fileIds = usersDb[userFilesKey] || []
const list = []
for (const fileId of fileIds) {
if (filesDb[fileId]) {
const fileData = JSON.parse(filesDb[fileId])
if (fileData && fileData.metadata && fileData.metadata.author === username) {
list.push({
fileId,
metadata: fileData.metadata
})
}
}
}
list.sort((a, b) => new Date(b.metadata.time) - new Date(a.metadata.time))
return res.end(JSON.stringify({ success: true, data: list }))
} else if (action === 'load') {
const fileId = input.fileId
if (!fileId) return res.end(JSON.stringify({ success: false, message: '缺少 fileId' }))
if (!filesDb[fileId]) {
return res.end(JSON.stringify({ success: false, message: '文件不存在或已被删除' }))
}
const fileData = JSON.parse(filesDb[fileId])
if (fileData.metadata.author !== username) {
return res.end(JSON.stringify({ success: false, message: '无权访问该文件' }))
}
return res.end(JSON.stringify({ success: true, data: fileData }))
} else if (action === 'delete') {
const fileId = input.fileId
if (!fileId) return res.end(JSON.stringify({ success: false, message: '缺少 fileId' }))
if (filesDb[fileId]) {
const fileData = JSON.parse(filesDb[fileId])
if (fileData.metadata.author === username) {
delete filesDb[fileId]
await fs.writeFile(filesDbPath, JSON.stringify(filesDb, null, 2))
if (usersDb[userFilesKey]) {
usersDb[userFilesKey] = usersDb[userFilesKey].filter(id => id !== fileId)
await fs.writeFile(usersDbPath, JSON.stringify(usersDb, null, 2))
}
return res.end(JSON.stringify({ success: true, message: '文件已删除' }))
} else {
return res.end(JSON.stringify({ success: false, message: '无权删除该文件或文件损坏' }))
}
} else {
if (usersDb[userFilesKey]) {
usersDb[userFilesKey] = usersDb[userFilesKey].filter(id => id !== fileId)
await fs.writeFile(usersDbPath, JSON.stringify(usersDb, null, 2))
}
return res.end(JSON.stringify({ success: true, message: '文件已被移除' }))
}
} else {
return res.end(JSON.stringify({ success: false, message: 'Unknown action' }))
}
} catch (err) {
console.error('[Auth Mock Error]', err.message, err.stack)
res.statusCode = 500
return res.end(JSON.stringify({ success: false, message: 'Internal Server Error: ' + err.message }))
}
}
async function handleDavProxy(req, res) {
const davUrl = req.headers['x-dav-url']
if (!davUrl) {
res.statusCode = 400
return res.end('Missing x-dav-url header')
}
try {
const targetUrl = new URL(davUrl)
const options = {
hostname: targetUrl.hostname,
port: targetUrl.port,
path: targetUrl.pathname + targetUrl.search,
method: req.method,
headers: { ...req.headers }
}
delete options.headers['host']
delete options.headers['x-dav-url']
delete options.headers['connection']
delete options.headers['origin']
delete options.headers['referer']
const http = await import('http')
const https = await import('https')
const client = targetUrl.protocol === 'https:' ? https : http
const proxyReq = client.request(options, (proxyRes) => {
res.writeHead(proxyRes.statusCode, proxyRes.headers)
proxyRes.pipe(res, { end: true })
})
proxyReq.on('error', (err) => {
console.error('WebDAV Proxy Error:', err)
res.statusCode = 502
res.end('Proxy error: ' + err.message)
})
req.pipe(proxyReq, { end: true })
} catch (err) {
console.error('Invalid URL:', err)
res.statusCode = 400
res.end('Invalid URL')
}
}