From 561a6807718d80106706a35f68fa94249a1b97e2 Mon Sep 17 00:00:00 2001 From: chiguyong Date: Sun, 21 Jun 2026 17:38:21 +0800 Subject: [PATCH] feat(hermes-server): add Hermes Server with ce-code-review security fixes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 实现独立的 Hermes Server 程序,部署在 Hermes 服务器上接收 EternalAI 同步请求。 主要功能: - 接收 EternalAI 同步请求(POST /api/sync),验证 sync_token (JWT HS256) - 回调 EternalAI 拉取 SOUL.md 和 config.yaml 文件 - 创建 profile(文件系统存储,无需数据库) - 生成二维码绑定链接(PNG) - 提供绑定页面和绑定 API(POST /api/bind/:profileId) - 提供 profile 管理 API(列表/详情/删除/文件下载) - 健康检查端点 ce-code-review 安全修复(2 P0, 8 P1, 10 P2, 12 P3): - P0: SSRF 防护 — 使用 ETERNALAI_BASE_URL 环境变量,不信任请求体中的 filePullBaseUrl - P0: profileId 路径穿越防护 — 正则校验 /^hermes_[a-f0-9]{24}$/ - P1: 原子文件写入(临时目录 + rename) - P1: 绑定竞态条件修复(原子检查 alreadyBound) - P1: jti 重放保护(内存 Map + 5 分钟 TTL) - P1: 幂等去重(findByRoleId,重复同步先删后建) - P1: 生产环境 fail-fast(HERMES_ADMIN_TOKEN 未设置时抛错) - P1: 恒定时间比较 admin token(crypto.timingSafeEqual) - P1: trust proxy 修复(仅 loopback) - P1: IP 白名单使用 socket.remoteAddress - P2: CORS 来源限制(ALLOWED_ORIGINS) - P2: body 大小限制(1MB) - P2: configYaml 非空校验 - P2: QR 码生成顺序(先创建 profile 再生成二维码) - P2: 输入校验(profileName 长度限制) - P2: listProfiles 容错 - P2: 健康检查不泄露 syncSecretConfigured - P2: SOUL.md/config.yaml 本机访问限制 - P2: 绑定页面 try/catch - P2: req.body null check - P3: JWT 算法限制(仅 HS256) - P3: 错误类型区分(504/502/500) - P3: Content-Type 修复(text/markdown, text/yaml) - P3: 404 状态码修复 - P3: form action 转义(encodeURIComponent) - P3: deploy.sh 路径修复 + package-lock.json + npm ci 测试:20 个集成测试全部通过(端到端验证同步、二维码、绑定、写保护等) --- hermes-server/.env.example | 38 + hermes-server/.gitignore | 4 + hermes-server/deploy/deploy.sh | 132 ++ hermes-server/package-lock.json | 1335 ++++++++++++++++++++ hermes-server/package.json | 17 + hermes-server/server.js | 79 ++ hermes-server/src/lib/eternalai-client.js | 65 + hermes-server/src/lib/profile-store.js | 188 +++ hermes-server/src/lib/qrcode-gen.js | 22 + hermes-server/src/lib/sync-token-verify.js | 58 + hermes-server/src/middleware/admin-auth.js | 36 + hermes-server/src/routes/bind.js | 197 +++ hermes-server/src/routes/health.js | 27 + hermes-server/src/routes/profiles.js | 88 ++ hermes-server/src/routes/sync.js | 149 +++ hermes-server/test/integration-test.js | 356 ++++++ 16 files changed, 2791 insertions(+) create mode 100644 hermes-server/.env.example create mode 100644 hermes-server/.gitignore create mode 100644 hermes-server/deploy/deploy.sh create mode 100644 hermes-server/package-lock.json create mode 100644 hermes-server/package.json create mode 100644 hermes-server/server.js create mode 100644 hermes-server/src/lib/eternalai-client.js create mode 100644 hermes-server/src/lib/profile-store.js create mode 100644 hermes-server/src/lib/qrcode-gen.js create mode 100644 hermes-server/src/lib/sync-token-verify.js create mode 100644 hermes-server/src/middleware/admin-auth.js create mode 100644 hermes-server/src/routes/bind.js create mode 100644 hermes-server/src/routes/health.js create mode 100644 hermes-server/src/routes/profiles.js create mode 100644 hermes-server/src/routes/sync.js create mode 100644 hermes-server/test/integration-test.js diff --git a/hermes-server/.env.example b/hermes-server/.env.example new file mode 100644 index 0000000..84e71a1 --- /dev/null +++ b/hermes-server/.env.example @@ -0,0 +1,38 @@ +# ===== Hermes Server 环境变量配置 ===== + +# 服务端口 +PORT=3002 + +# Hermes Server 对外访问的基础 URL(用于生成二维码绑定链接) +# 必须是外部可访问的地址,二维码内容会基于此生成 +HERMES_BASE_URL=http://localhost:3002 + +# ===== EternalAI 地址(P0 修复:用于回调拉取文件,不信任请求体) ===== +# 配置为 EternalAI 服务器的可访问地址 +# hermes-server 会从此地址拉取 SOUL.md 和 config.yaml +ETERNALAI_BASE_URL=http://localhost:3001 + +# ===== 与 EternalAI 共享的 sync_token 密钥 ===== +# 必须与 EternalAI 的 SYNC_SECRET 一致(EternalAI 数据库 SystemConfig 表中 key='SYNC_SECRET' 的值) +# 获取方式:在 EternalAI 服务器执行 +# psql -d eternalai -c "SELECT value FROM \"SystemConfig\" WHERE key='SYNC_SECRET'" +# 或通过 Prisma Studio 查看 +SYNC_SECRET= + +# ===== Hermes 管理员认证 ===== +# 管理 API(查看 profile 列表等)的 Bearer token +# 生产环境务必设置为强随机值(可用 openssl rand -hex 32 生成) +HERMES_ADMIN_TOKEN=dev_only_admin_token_change_me + +# ===== 可选:EternalAI 地址白名单 ===== +# 限制同步请求来源 IP(逗号分隔),留空则不限制 +# 示例:ALLOWED_SOURCE_IPS=192.168.1.100,10.0.0.5 +ALLOWED_SOURCE_IPS= + +# ===== 可选:CORS 来源限制 ===== +# 限制跨域请求来源(逗号分隔),留空则非生产环境允许所有来源 +# 示例:ALLOWED_ORIGINS=https://eternalai.example.com,https://admin.eternalai.example.com +ALLOWED_ORIGINS= + +# ===== Node 环境 ===== +NODE_ENV=development diff --git a/hermes-server/.gitignore b/hermes-server/.gitignore new file mode 100644 index 0000000..97725b4 --- /dev/null +++ b/hermes-server/.gitignore @@ -0,0 +1,4 @@ +node_modules/ +data/ +.env +*.log diff --git a/hermes-server/deploy/deploy.sh b/hermes-server/deploy/deploy.sh new file mode 100644 index 0000000..0cb53ea --- /dev/null +++ b/hermes-server/deploy/deploy.sh @@ -0,0 +1,132 @@ +#!/bin/bash +# Hermes Server 部署脚本 +# 在 Hermes 服务器上执行:bash deploy/deploy.sh +set -e + +APP_DIR="/opt/hermes-server" +APP_USER="hermes" +NODE_VERSION="20" + +echo "===== Hermes Server 部署脚本 =====" + +# 1. 检查 Node.js +if ! command -v node &> /dev/null; then + echo "安装 Node.js $NODE_VERSION..." + curl -fsSL https://deb.nodesource.com/setup_$NODE_VERSION.x | sudo -E bash - + sudo apt-get install -y nodejs +fi +echo "Node.js 版本: $(node -v)" + +# 2. 创建用户和目录 +if ! id "$APP_USER" &> /dev/null; then + sudo useradd -r -m -d /home/$APP_USER -s /bin/bash $APP_USER + echo "创建用户: $APP_USER" +fi + +sudo mkdir -p $APP_DIR +sudo chown -R $APP_USER:$APP_USER $APP_DIR + +# 3. 复制代码(假设当前目录是项目根目录) +echo "复制代码到 $APP_DIR..." +sudo -u $APP_USER cp -r package.json package-lock.json server.js src $APP_DIR/ +sudo -u $APP_USER cp -r deploy $APP_DIR/ 2>/dev/null || true +# .env.example 位于项目根目录,而非 deploy/ 子目录 +sudo -u $APP_USER cp .env.example $APP_DIR/.env.example 2>/dev/null || true + +# 4. 安装依赖 +echo "安装依赖..." +cd $APP_DIR +# 优先使用 npm ci(依赖 package-lock.json,可重现构建),失败则回退到 npm install +if [ -f package-lock.json ]; then + sudo -u $APP_USER npm ci --production || sudo -u $APP_USER npm install --production +else + sudo -u $APP_USER npm install --production +fi + +# 5. 创建数据目录 +sudo -u $APP_USER mkdir -p $APP_DIR/data/profiles $APP_DIR/data/qrcodes + +# 6. 配置环境变量 +if [ ! -f $APP_DIR/.env ]; then + echo "创建 .env 配置文件..." + # .env.example 已在第 3 步拷贝到 $APP_DIR 根目录 + if [ -f $APP_DIR/.env.example ]; then + sudo -u $APP_USER cp $APP_DIR/.env.example $APP_DIR/.env + else + # 如果没有 .env.example,创建一个基本的 + sudo -u $APP_USER bash -c "cat > $APP_DIR/.env << 'ENVEOF' +PORT=3002 +HERMES_BASE_URL=http://localhost:3002 +ETERNALAI_BASE_URL=http://localhost:3001 +SYNC_SECRET= +HERMES_ADMIN_TOKEN=$(openssl rand -hex 32) +NODE_ENV=production +ENVEOF" + fi + echo "⚠️ 请编辑 $APP_DIR/.env 配置 SYNC_SECRET、HERMES_BASE_URL 和 ETERNALAI_BASE_URL" +fi + +# 7. 配置 PM2 +echo "配置 PM2..." +if ! command -v pm2 &> /dev/null; then + sudo npm install -g pm2 +fi + +sudo -u $APP_USER bash -c "cat > $APP_DIR/ecosystem.config.js << 'PM2EOF' +module.exports = { + apps: [{ + name: 'hermes-server', + script: 'server.js', + cwd: '$APP_DIR', + instances: 1, + autorestart: true, + max_memory_restart: '256M', + env: { + NODE_ENV: 'production', + }, + }], +}; +PM2EOF" + +pm2 delete hermes-server 2>/dev/null || true +pm2 start $APP_DIR/ecosystem.config.js +pm2 save + +# 8. 配置 Nginx(可选) +NGINX_CONF="/etc/nginx/sites-available/hermes-server" +if command -v nginx &> /dev/null && [ ! -f "$NGINX_CONF" ]; then + echo "配置 Nginx..." + sudo bash -c "cat > $NGINX_CONF << 'NGINXEOF' +server { + listen 80; + server_name _; # 替换为你的域名 + + location / { + proxy_pass http://127.0.0.1:3002; + proxy_http_version 1.1; + proxy_set_header Upgrade \\\$http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host \\\$host; + proxy_set_header X-Real-IP \\\$remote_addr; + proxy_set_header X-Forwarded-For \\\$proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto \\\$scheme; + proxy_cache_bypass \\\$http_upgrade; + } +} +NGINXEOF" + sudo ln -sf $NGINX_CONF /etc/nginx/sites-enabled/ + sudo nginx -t && sudo systemctl reload nginx + echo "Nginx 已配置" +fi + +echo "" +echo "===== 部署完成 =====" +echo "" +echo "后续步骤:" +echo "1. 编辑配置: sudo -u $APP_USER nano $APP_DIR/.env" +echo " - SYNC_SECRET: 从 EternalAI 数据库获取(SELECT value FROM \"SystemConfig\" WHERE key='SYNC_SECRET')" +echo " - HERMES_BASE_URL: 设置为外部可访问的地址(如 https://hermes.yourdomain.com)" +echo " - ETERNALAI_BASE_URL: EternalAI 服务器地址(如 https://eternalai.yourdomain.com)" +echo "2. 重启服务: pm2 restart hermes-server" +echo "3. 在 EternalAI 管理后台配置 HERMES_WEBHOOK_URL 为: \${HERMES_BASE_URL}/api/sync" +echo "4. 健康检查: curl http://localhost:3002/api/health" diff --git a/hermes-server/package-lock.json b/hermes-server/package-lock.json new file mode 100644 index 0000000..4ea6f94 --- /dev/null +++ b/hermes-server/package-lock.json @@ -0,0 +1,1335 @@ +{ + "name": "hermes-server", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "hermes-server", + "version": "1.0.0", + "dependencies": { + "cors": "^2.8.5", + "dotenv": "^17.2.0", + "express": "^5.2.1", + "jsonwebtoken": "^9.0.2", + "qrcode": "^1.5.4" + } + }, + "node_modules/accepts": { + "version": "2.0.0", + "resolved": "https://registry.npmmirror.com/accepts/-/accepts-2.0.0.tgz", + "integrity": "sha512-5cvg6CtKwfgdmVqY1WIiXKc3Q1bkRqGLi+2W/6ao+6Y7gu/RCwRuAhGEzh5B4KlszSuTLgZYuqFqo5bImjNKng==", + "license": "MIT", + "dependencies": { + "mime-types": "^3.0.0", + "negotiator": "^1.0.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmmirror.com/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/ansi-styles": { + "version": "4.3.0", + "resolved": "https://registry.npmmirror.com/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "license": "MIT", + "dependencies": { + "color-convert": "^2.0.1" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/body-parser": { + "version": "2.3.0", + "resolved": "https://registry.npmmirror.com/body-parser/-/body-parser-2.3.0.tgz", + "integrity": "sha512-2cGmJupaNgg+QUwVLAucDuWuoMZ6EX9iHDRswZ5lsNYEmwPaRknMPCLZz07yTzVq/83p4o/wzbDZbBrTvGGTIw==", + "license": "MIT", + "dependencies": { + "bytes": "^3.1.2", + "content-type": "^2.0.0", + "debug": "^4.4.3", + "http-errors": "^2.0.1", + "iconv-lite": "^0.7.2", + "on-finished": "^2.4.1", + "qs": "^6.15.2", + "raw-body": "^3.0.2", + "type-is": "^2.1.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/body-parser/node_modules/content-type": { + "version": "2.0.0", + "resolved": "https://registry.npmmirror.com/content-type/-/content-type-2.0.0.tgz", + "integrity": "sha512-j/O/d7GcZCyNl7/hwZAb606rzqkyvaDctLmckbxLzHvFBzTJHuGEdodATcP3yIRoDrLHkIATJuvzbFlp/ki2cQ==", + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/buffer-equal-constant-time": { + "version": "1.0.1", + "resolved": "https://registry.npmmirror.com/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz", + "integrity": "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA==", + "license": "BSD-3-Clause" + }, + "node_modules/bytes": { + "version": "3.1.2", + "resolved": "https://registry.npmmirror.com/bytes/-/bytes-3.1.2.tgz", + "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/call-bind-apply-helpers": { + "version": "1.0.2", + "resolved": "https://registry.npmmirror.com/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz", + "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/call-bound": { + "version": "1.0.4", + "resolved": "https://registry.npmmirror.com/call-bound/-/call-bound-1.0.4.tgz", + "integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.2", + "get-intrinsic": "^1.3.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/camelcase": { + "version": "5.3.1", + "resolved": "https://registry.npmmirror.com/camelcase/-/camelcase-5.3.1.tgz", + "integrity": "sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/cliui": { + "version": "6.0.0", + "resolved": "https://registry.npmmirror.com/cliui/-/cliui-6.0.0.tgz", + "integrity": "sha512-t6wbgtoCXvAzst7QgXxJYqPt0usEfbgQdftEPbLL/cvv6HPE5VgvqCuAIDR0NgU52ds6rFwqrgakNLrHEjCbrQ==", + "license": "ISC", + "dependencies": { + "string-width": "^4.2.0", + "strip-ansi": "^6.0.0", + "wrap-ansi": "^6.2.0" + } + }, + "node_modules/color-convert": { + "version": "2.0.1", + "resolved": "https://registry.npmmirror.com/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "license": "MIT", + "dependencies": { + "color-name": "~1.1.4" + }, + "engines": { + "node": ">=7.0.0" + } + }, + "node_modules/color-name": { + "version": "1.1.4", + "resolved": "https://registry.npmmirror.com/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", + "license": "MIT" + }, + "node_modules/content-disposition": { + "version": "1.1.0", + "resolved": "https://registry.npmmirror.com/content-disposition/-/content-disposition-1.1.0.tgz", + "integrity": "sha512-5jRCH9Z/+DRP7rkvY83B+yGIGX96OYdJmzngqnw2SBSxqCFPd0w2km3s5iawpGX8krnwSGmF0FW5Nhr0Hfai3g==", + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/content-type": { + "version": "1.0.5", + "resolved": "https://registry.npmmirror.com/content-type/-/content-type-1.0.5.tgz", + "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/cookie": { + "version": "0.7.2", + "resolved": "https://registry.npmmirror.com/cookie/-/cookie-0.7.2.tgz", + "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/cookie-signature": { + "version": "1.2.2", + "resolved": "https://registry.npmmirror.com/cookie-signature/-/cookie-signature-1.2.2.tgz", + "integrity": "sha512-D76uU73ulSXrD1UXF4KE2TMxVVwhsnCgfAyTg9k8P6KGZjlXKrOLe4dJQKI3Bxi5wjesZoFXJWElNWBjPZMbhg==", + "license": "MIT", + "engines": { + "node": ">=6.6.0" + } + }, + "node_modules/cors": { + "version": "2.8.6", + "resolved": "https://registry.npmmirror.com/cors/-/cors-2.8.6.tgz", + "integrity": "sha512-tJtZBBHA6vjIAaF6EnIaq6laBBP9aq/Y3ouVJjEfoHbRBcHBAHYcMh/w8LDrk2PvIMMq8gmopa5D4V8RmbrxGw==", + "license": "MIT", + "dependencies": { + "object-assign": "^4", + "vary": "^1" + }, + "engines": { + "node": ">= 0.10" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/debug": { + "version": "4.4.3", + "resolved": "https://registry.npmmirror.com/debug/-/debug-4.4.3.tgz", + "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==", + "license": "MIT", + "dependencies": { + "ms": "^2.1.3" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } + } + }, + "node_modules/decamelize": { + "version": "1.2.0", + "resolved": "https://registry.npmmirror.com/decamelize/-/decamelize-1.2.0.tgz", + "integrity": "sha512-z2S+W9X73hAUUki+N+9Za2lBlun89zigOyGrsax+KUQ6wKW4ZoWpEYBkGhQjwAjjDCkWxhY0VKEhk8wzY7F5cA==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/depd": { + "version": "2.0.0", + "resolved": "https://registry.npmmirror.com/depd/-/depd-2.0.0.tgz", + "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/dijkstrajs": { + "version": "1.0.3", + "resolved": "https://registry.npmmirror.com/dijkstrajs/-/dijkstrajs-1.0.3.tgz", + "integrity": "sha512-qiSlmBq9+BCdCA/L46dw8Uy93mloxsPSbwnm5yrKn2vMPiy8KyAskTF6zuV/j5BMsmOGZDPs7KjU+mjb670kfA==", + "license": "MIT" + }, + "node_modules/dotenv": { + "version": "17.4.2", + "resolved": "https://registry.npmmirror.com/dotenv/-/dotenv-17.4.2.tgz", + "integrity": "sha512-nI4U3TottKAcAD9LLud4Cb7b2QztQMUEfHbvhTH09bqXTxnSie8WnjPALV/WMCrJZ6UV/qHJ6L03OqO3LcdYZw==", + "license": "BSD-2-Clause", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://dotenvx.com" + } + }, + "node_modules/dunder-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmmirror.com/dunder-proto/-/dunder-proto-1.0.1.tgz", + "integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.1", + "es-errors": "^1.3.0", + "gopd": "^1.2.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/ecdsa-sig-formatter": { + "version": "1.0.11", + "resolved": "https://registry.npmmirror.com/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz", + "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==", + "license": "Apache-2.0", + "dependencies": { + "safe-buffer": "^5.0.1" + } + }, + "node_modules/ee-first": { + "version": "1.1.1", + "resolved": "https://registry.npmmirror.com/ee-first/-/ee-first-1.1.1.tgz", + "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==", + "license": "MIT" + }, + "node_modules/emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmmirror.com/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", + "license": "MIT" + }, + "node_modules/encodeurl": { + "version": "2.0.0", + "resolved": "https://registry.npmmirror.com/encodeurl/-/encodeurl-2.0.0.tgz", + "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/es-define-property": { + "version": "1.0.1", + "resolved": "https://registry.npmmirror.com/es-define-property/-/es-define-property-1.0.1.tgz", + "integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-errors": { + "version": "1.3.0", + "resolved": "https://registry.npmmirror.com/es-errors/-/es-errors-1.3.0.tgz", + "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-object-atoms": { + "version": "1.1.2", + "resolved": "https://registry.npmmirror.com/es-object-atoms/-/es-object-atoms-1.1.2.tgz", + "integrity": "sha512-HWcBoN6NileqtSydK2FqHbS/LoDd2pqrnQHLyJzBj4kOp/ky2MWMN694xOfkK8/SnUsW2DH7EfyVlydKCsm1Zw==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/escape-html": { + "version": "1.0.3", + "resolved": "https://registry.npmmirror.com/escape-html/-/escape-html-1.0.3.tgz", + "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==", + "license": "MIT" + }, + "node_modules/etag": { + "version": "1.8.1", + "resolved": "https://registry.npmmirror.com/etag/-/etag-1.8.1.tgz", + "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/express": { + "version": "5.2.1", + "resolved": "https://registry.npmmirror.com/express/-/express-5.2.1.tgz", + "integrity": "sha512-hIS4idWWai69NezIdRt2xFVofaF4j+6INOpJlVOLDO8zXGpUVEVzIYk12UUi2JzjEzWL3IOAxcTubgz9Po0yXw==", + "license": "MIT", + "dependencies": { + "accepts": "^2.0.0", + "body-parser": "^2.2.1", + "content-disposition": "^1.0.0", + "content-type": "^1.0.5", + "cookie": "^0.7.1", + "cookie-signature": "^1.2.1", + "debug": "^4.4.0", + "depd": "^2.0.0", + "encodeurl": "^2.0.0", + "escape-html": "^1.0.3", + "etag": "^1.8.1", + "finalhandler": "^2.1.0", + "fresh": "^2.0.0", + "http-errors": "^2.0.0", + "merge-descriptors": "^2.0.0", + "mime-types": "^3.0.0", + "on-finished": "^2.4.1", + "once": "^1.4.0", + "parseurl": "^1.3.3", + "proxy-addr": "^2.0.7", + "qs": "^6.14.0", + "range-parser": "^1.2.1", + "router": "^2.2.0", + "send": "^1.1.0", + "serve-static": "^2.2.0", + "statuses": "^2.0.1", + "type-is": "^2.0.1", + "vary": "^1.1.2" + }, + "engines": { + "node": ">= 18" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/finalhandler": { + "version": "2.1.1", + "resolved": "https://registry.npmmirror.com/finalhandler/-/finalhandler-2.1.1.tgz", + "integrity": "sha512-S8KoZgRZN+a5rNwqTxlZZePjT/4cnm0ROV70LedRHZ0p8u9fRID0hJUZQpkKLzro8LfmC8sx23bY6tVNxv8pQA==", + "license": "MIT", + "dependencies": { + "debug": "^4.4.0", + "encodeurl": "^2.0.0", + "escape-html": "^1.0.3", + "on-finished": "^2.4.1", + "parseurl": "^1.3.3", + "statuses": "^2.0.1" + }, + "engines": { + "node": ">= 18.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/find-up": { + "version": "4.1.0", + "resolved": "https://registry.npmmirror.com/find-up/-/find-up-4.1.0.tgz", + "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", + "license": "MIT", + "dependencies": { + "locate-path": "^5.0.0", + "path-exists": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/forwarded": { + "version": "0.2.0", + "resolved": "https://registry.npmmirror.com/forwarded/-/forwarded-0.2.0.tgz", + "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/fresh": { + "version": "2.0.0", + "resolved": "https://registry.npmmirror.com/fresh/-/fresh-2.0.0.tgz", + "integrity": "sha512-Rx/WycZ60HOaqLKAi6cHRKKI7zxWbJ31MhntmtwMoaTeF7XFH9hhBp8vITaMidfljRQ6eYWCKkaTK+ykVJHP2A==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/function-bind": { + "version": "1.1.2", + "resolved": "https://registry.npmmirror.com/function-bind/-/function-bind-1.1.2.tgz", + "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/get-caller-file": { + "version": "2.0.5", + "resolved": "https://registry.npmmirror.com/get-caller-file/-/get-caller-file-2.0.5.tgz", + "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==", + "license": "ISC", + "engines": { + "node": "6.* || 8.* || >= 10.*" + } + }, + "node_modules/get-intrinsic": { + "version": "1.3.0", + "resolved": "https://registry.npmmirror.com/get-intrinsic/-/get-intrinsic-1.3.0.tgz", + "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.2", + "es-define-property": "^1.0.1", + "es-errors": "^1.3.0", + "es-object-atoms": "^1.1.1", + "function-bind": "^1.1.2", + "get-proto": "^1.0.1", + "gopd": "^1.2.0", + "has-symbols": "^1.1.0", + "hasown": "^2.0.2", + "math-intrinsics": "^1.1.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/get-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmmirror.com/get-proto/-/get-proto-1.0.1.tgz", + "integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==", + "license": "MIT", + "dependencies": { + "dunder-proto": "^1.0.1", + "es-object-atoms": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/gopd": { + "version": "1.2.0", + "resolved": "https://registry.npmmirror.com/gopd/-/gopd-1.2.0.tgz", + "integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-symbols": { + "version": "1.1.0", + "resolved": "https://registry.npmmirror.com/has-symbols/-/has-symbols-1.1.0.tgz", + "integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/hasown": { + "version": "2.0.4", + "resolved": "https://registry.npmmirror.com/hasown/-/hasown-2.0.4.tgz", + "integrity": "sha512-T2UbfbBEF32wiepXIsMlTW9+dDYC6wMh/t/vYA4tuOMKqWz/n3vr1NFSxQiyP+zk2mXsoMA/i/7qV6LKut1t1A==", + "license": "MIT", + "dependencies": { + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/http-errors": { + "version": "2.0.1", + "resolved": "https://registry.npmmirror.com/http-errors/-/http-errors-2.0.1.tgz", + "integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==", + "license": "MIT", + "dependencies": { + "depd": "~2.0.0", + "inherits": "~2.0.4", + "setprototypeof": "~1.2.0", + "statuses": "~2.0.2", + "toidentifier": "~1.0.1" + }, + "engines": { + "node": ">= 0.8" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/iconv-lite": { + "version": "0.7.2", + "resolved": "https://registry.npmmirror.com/iconv-lite/-/iconv-lite-0.7.2.tgz", + "integrity": "sha512-im9DjEDQ55s9fL4EYzOAv0yMqmMBSZp6G0VvFyTMPKWxiSBHUj9NW/qqLmXUwXrrM7AvqSlTCfvqRb0cM8yYqw==", + "license": "MIT", + "dependencies": { + "safer-buffer": ">= 2.1.2 < 3.0.0" + }, + "engines": { + "node": ">=0.10.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmmirror.com/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "license": "ISC" + }, + "node_modules/ipaddr.js": { + "version": "1.9.1", + "resolved": "https://registry.npmmirror.com/ipaddr.js/-/ipaddr.js-1.9.1.tgz", + "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==", + "license": "MIT", + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/is-fullwidth-code-point": { + "version": "3.0.0", + "resolved": "https://registry.npmmirror.com/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/is-promise": { + "version": "4.0.0", + "resolved": "https://registry.npmmirror.com/is-promise/-/is-promise-4.0.0.tgz", + "integrity": "sha512-hvpoI6korhJMnej285dSg6nu1+e6uxs7zG3BYAm5byqDsgJNWwxzM6z6iZiAgQR4TJ30JmBTOwqZUw3WlyH3AQ==", + "license": "MIT" + }, + "node_modules/jsonwebtoken": { + "version": "9.0.3", + "resolved": "https://registry.npmmirror.com/jsonwebtoken/-/jsonwebtoken-9.0.3.tgz", + "integrity": "sha512-MT/xP0CrubFRNLNKvxJ2BYfy53Zkm++5bX9dtuPbqAeQpTVe0MQTFhao8+Cp//EmJp244xt6Drw/GVEGCUj40g==", + "license": "MIT", + "dependencies": { + "jws": "^4.0.1", + "lodash.includes": "^4.3.0", + "lodash.isboolean": "^3.0.3", + "lodash.isinteger": "^4.0.4", + "lodash.isnumber": "^3.0.3", + "lodash.isplainobject": "^4.0.6", + "lodash.isstring": "^4.0.1", + "lodash.once": "^4.0.0", + "ms": "^2.1.1", + "semver": "^7.5.4" + }, + "engines": { + "node": ">=12", + "npm": ">=6" + } + }, + "node_modules/jwa": { + "version": "2.0.1", + "resolved": "https://registry.npmmirror.com/jwa/-/jwa-2.0.1.tgz", + "integrity": "sha512-hRF04fqJIP8Abbkq5NKGN0Bbr3JxlQ+qhZufXVr0DvujKy93ZCbXZMHDL4EOtodSbCWxOqR8MS1tXA5hwqCXDg==", + "license": "MIT", + "dependencies": { + "buffer-equal-constant-time": "^1.0.1", + "ecdsa-sig-formatter": "1.0.11", + "safe-buffer": "^5.0.1" + } + }, + "node_modules/jws": { + "version": "4.0.1", + "resolved": "https://registry.npmmirror.com/jws/-/jws-4.0.1.tgz", + "integrity": "sha512-EKI/M/yqPncGUUh44xz0PxSidXFr/+r0pA70+gIYhjv+et7yxM+s29Y+VGDkovRofQem0fs7Uvf4+YmAdyRduA==", + "license": "MIT", + "dependencies": { + "jwa": "^2.0.1", + "safe-buffer": "^5.0.1" + } + }, + "node_modules/locate-path": { + "version": "5.0.0", + "resolved": "https://registry.npmmirror.com/locate-path/-/locate-path-5.0.0.tgz", + "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", + "license": "MIT", + "dependencies": { + "p-locate": "^4.1.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/lodash.includes": { + "version": "4.3.0", + "resolved": "https://registry.npmmirror.com/lodash.includes/-/lodash.includes-4.3.0.tgz", + "integrity": "sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==", + "license": "MIT" + }, + "node_modules/lodash.isboolean": { + "version": "3.0.3", + "resolved": "https://registry.npmmirror.com/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz", + "integrity": "sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==", + "license": "MIT" + }, + "node_modules/lodash.isinteger": { + "version": "4.0.4", + "resolved": "https://registry.npmmirror.com/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz", + "integrity": "sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==", + "license": "MIT" + }, + "node_modules/lodash.isnumber": { + "version": "3.0.3", + "resolved": "https://registry.npmmirror.com/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz", + "integrity": "sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==", + "license": "MIT" + }, + "node_modules/lodash.isplainobject": { + "version": "4.0.6", + "resolved": "https://registry.npmmirror.com/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz", + "integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==", + "license": "MIT" + }, + "node_modules/lodash.isstring": { + "version": "4.0.1", + "resolved": "https://registry.npmmirror.com/lodash.isstring/-/lodash.isstring-4.0.1.tgz", + "integrity": "sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==", + "license": "MIT" + }, + "node_modules/lodash.once": { + "version": "4.1.1", + "resolved": "https://registry.npmmirror.com/lodash.once/-/lodash.once-4.1.1.tgz", + "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==", + "license": "MIT" + }, + "node_modules/math-intrinsics": { + "version": "1.1.0", + "resolved": "https://registry.npmmirror.com/math-intrinsics/-/math-intrinsics-1.1.0.tgz", + "integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/media-typer": { + "version": "1.1.0", + "resolved": "https://registry.npmmirror.com/media-typer/-/media-typer-1.1.0.tgz", + "integrity": "sha512-aisnrDP4GNe06UcKFnV5bfMNPBUw4jsLGaWwWfnH3v02GnBuXX2MCVn5RbrWo0j3pczUilYblq7fQ7Nw2t5XKw==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/merge-descriptors": { + "version": "2.0.0", + "resolved": "https://registry.npmmirror.com/merge-descriptors/-/merge-descriptors-2.0.0.tgz", + "integrity": "sha512-Snk314V5ayFLhp3fkUREub6WtjBfPdCPY1Ln8/8munuLuiYhsABgBVWsozAG+MWMbVEvcdcpbi9R7ww22l9Q3g==", + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/mime-db": { + "version": "1.54.0", + "resolved": "https://registry.npmmirror.com/mime-db/-/mime-db-1.54.0.tgz", + "integrity": "sha512-aU5EJuIN2WDemCcAp2vFBfp/m4EAhWJnUNSSw0ixs7/kXbd6Pg64EmwJkNdFhB8aWt1sH2CTXrLxo/iAGV3oPQ==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mime-types": { + "version": "3.0.2", + "resolved": "https://registry.npmmirror.com/mime-types/-/mime-types-3.0.2.tgz", + "integrity": "sha512-Lbgzdk0h4juoQ9fCKXW4by0UJqj+nOOrI9MJ1sSj4nI8aI2eo1qmvQEie4VD1glsS250n15LsWsYtCugiStS5A==", + "license": "MIT", + "dependencies": { + "mime-db": "^1.54.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmmirror.com/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "license": "MIT" + }, + "node_modules/negotiator": { + "version": "1.0.0", + "resolved": "https://registry.npmmirror.com/negotiator/-/negotiator-1.0.0.tgz", + "integrity": "sha512-8Ofs/AUQh8MaEcrlq5xOX0CQ9ypTF5dl78mjlMNfOK08fzpgTHQRQPBxcPlEtIw0yRpws+Zo/3r+5WRby7u3Gg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/object-assign": { + "version": "4.1.1", + "resolved": "https://registry.npmmirror.com/object-assign/-/object-assign-4.1.1.tgz", + "integrity": "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/object-inspect": { + "version": "1.13.4", + "resolved": "https://registry.npmmirror.com/object-inspect/-/object-inspect-1.13.4.tgz", + "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/on-finished": { + "version": "2.4.1", + "resolved": "https://registry.npmmirror.com/on-finished/-/on-finished-2.4.1.tgz", + "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==", + "license": "MIT", + "dependencies": { + "ee-first": "1.1.1" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/once": { + "version": "1.4.0", + "resolved": "https://registry.npmmirror.com/once/-/once-1.4.0.tgz", + "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", + "license": "ISC", + "dependencies": { + "wrappy": "1" + } + }, + "node_modules/p-limit": { + "version": "2.3.0", + "resolved": "https://registry.npmmirror.com/p-limit/-/p-limit-2.3.0.tgz", + "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", + "license": "MIT", + "dependencies": { + "p-try": "^2.0.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/p-locate": { + "version": "4.1.0", + "resolved": "https://registry.npmmirror.com/p-locate/-/p-locate-4.1.0.tgz", + "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", + "license": "MIT", + "dependencies": { + "p-limit": "^2.2.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/p-try": { + "version": "2.2.0", + "resolved": "https://registry.npmmirror.com/p-try/-/p-try-2.2.0.tgz", + "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/parseurl": { + "version": "1.3.3", + "resolved": "https://registry.npmmirror.com/parseurl/-/parseurl-1.3.3.tgz", + "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/path-exists": { + "version": "4.0.0", + "resolved": "https://registry.npmmirror.com/path-exists/-/path-exists-4.0.0.tgz", + "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/path-to-regexp": { + "version": "8.4.2", + "resolved": "https://registry.npmmirror.com/path-to-regexp/-/path-to-regexp-8.4.2.tgz", + "integrity": "sha512-qRcuIdP69NPm4qbACK+aDogI5CBDMi1jKe0ry5rSQJz8JVLsC7jV8XpiJjGRLLol3N+R5ihGYcrPLTno6pAdBA==", + "license": "MIT", + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/pngjs": { + "version": "5.0.0", + "resolved": "https://registry.npmmirror.com/pngjs/-/pngjs-5.0.0.tgz", + "integrity": "sha512-40QW5YalBNfQo5yRYmiw7Yz6TKKVr3h6970B2YE+3fQpsWcrbj1PzJgxeJ19DRQjhMbKPIuMY8rFaXc8moolVw==", + "license": "MIT", + "engines": { + "node": ">=10.13.0" + } + }, + "node_modules/proxy-addr": { + "version": "2.0.7", + "resolved": "https://registry.npmmirror.com/proxy-addr/-/proxy-addr-2.0.7.tgz", + "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==", + "license": "MIT", + "dependencies": { + "forwarded": "0.2.0", + "ipaddr.js": "1.9.1" + }, + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/qrcode": { + "version": "1.5.4", + "resolved": "https://registry.npmmirror.com/qrcode/-/qrcode-1.5.4.tgz", + "integrity": "sha512-1ca71Zgiu6ORjHqFBDpnSMTR2ReToX4l1Au1VFLyVeBTFavzQnv5JxMFr3ukHVKpSrSA2MCk0lNJSykjUfz7Zg==", + "license": "MIT", + "dependencies": { + "dijkstrajs": "^1.0.1", + "pngjs": "^5.0.0", + "yargs": "^15.3.1" + }, + "bin": { + "qrcode": "bin/qrcode" + }, + "engines": { + "node": ">=10.13.0" + } + }, + "node_modules/qs": { + "version": "6.15.2", + "resolved": "https://registry.npmmirror.com/qs/-/qs-6.15.2.tgz", + "integrity": "sha512-Rzq0KEyX/w/tEybncDgdkZrJgVUsUMk3xjh3t5bv3S1HTAtg+uOYt72+ZfwiQwKdysThkTBdL/rTi6HDmX9Ddw==", + "license": "BSD-3-Clause", + "dependencies": { + "side-channel": "^1.1.0" + }, + "engines": { + "node": ">=0.6" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/range-parser": { + "version": "1.2.1", + "resolved": "https://registry.npmmirror.com/range-parser/-/range-parser-1.2.1.tgz", + "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/raw-body": { + "version": "3.0.2", + "resolved": "https://registry.npmmirror.com/raw-body/-/raw-body-3.0.2.tgz", + "integrity": "sha512-K5zQjDllxWkf7Z5xJdV0/B0WTNqx6vxG70zJE4N0kBs4LovmEYWJzQGxC9bS9RAKu3bgM40lrd5zoLJ12MQ5BA==", + "license": "MIT", + "dependencies": { + "bytes": "~3.1.2", + "http-errors": "~2.0.1", + "iconv-lite": "~0.7.0", + "unpipe": "~1.0.0" + }, + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/require-directory": { + "version": "2.1.1", + "resolved": "https://registry.npmmirror.com/require-directory/-/require-directory-2.1.1.tgz", + "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/require-main-filename": { + "version": "2.0.0", + "resolved": "https://registry.npmmirror.com/require-main-filename/-/require-main-filename-2.0.0.tgz", + "integrity": "sha512-NKN5kMDylKuldxYLSUfrbo5Tuzh4hd+2E8NPPX02mZtn1VuREQToYe/ZdlJy+J3uCpfaiGF05e7B8W0iXbQHmg==", + "license": "ISC" + }, + "node_modules/router": { + "version": "2.2.0", + "resolved": "https://registry.npmmirror.com/router/-/router-2.2.0.tgz", + "integrity": "sha512-nLTrUKm2UyiL7rlhapu/Zl45FwNgkZGaCpZbIHajDYgwlJCOzLSk+cIPAnsEqV955GjILJnKbdQC1nVPz+gAYQ==", + "license": "MIT", + "dependencies": { + "debug": "^4.4.0", + "depd": "^2.0.0", + "is-promise": "^4.0.0", + "parseurl": "^1.3.3", + "path-to-regexp": "^8.0.0" + }, + "engines": { + "node": ">= 18" + } + }, + "node_modules/safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmmirror.com/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT" + }, + "node_modules/safer-buffer": { + "version": "2.1.2", + "resolved": "https://registry.npmmirror.com/safer-buffer/-/safer-buffer-2.1.2.tgz", + "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==", + "license": "MIT" + }, + "node_modules/semver": { + "version": "7.8.5", + "resolved": "https://registry.npmmirror.com/semver/-/semver-7.8.5.tgz", + "integrity": "sha512-Y7/KDsb8LjooZpwaqGyulO6DQlksgCncchHGk+sZIY4SBvUocMBEFH5Ur1fI4dV+Jvl0w6cjvucaIi40puRioA==", + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/send": { + "version": "1.2.1", + "resolved": "https://registry.npmmirror.com/send/-/send-1.2.1.tgz", + "integrity": "sha512-1gnZf7DFcoIcajTjTwjwuDjzuz4PPcY2StKPlsGAQ1+YH20IRVrBaXSWmdjowTJ6u8Rc01PoYOGHXfP1mYcZNQ==", + "license": "MIT", + "dependencies": { + "debug": "^4.4.3", + "encodeurl": "^2.0.0", + "escape-html": "^1.0.3", + "etag": "^1.8.1", + "fresh": "^2.0.0", + "http-errors": "^2.0.1", + "mime-types": "^3.0.2", + "ms": "^2.1.3", + "on-finished": "^2.4.1", + "range-parser": "^1.2.1", + "statuses": "^2.0.2" + }, + "engines": { + "node": ">= 18" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/serve-static": { + "version": "2.2.1", + "resolved": "https://registry.npmmirror.com/serve-static/-/serve-static-2.2.1.tgz", + "integrity": "sha512-xRXBn0pPqQTVQiC8wyQrKs2MOlX24zQ0POGaj0kultvoOCstBQM5yvOhAVSUwOMjQtTvsPWoNCHfPGwaaQJhTw==", + "license": "MIT", + "dependencies": { + "encodeurl": "^2.0.0", + "escape-html": "^1.0.3", + "parseurl": "^1.3.3", + "send": "^1.2.0" + }, + "engines": { + "node": ">= 18" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/set-blocking": { + "version": "2.0.0", + "resolved": "https://registry.npmmirror.com/set-blocking/-/set-blocking-2.0.0.tgz", + "integrity": "sha512-KiKBS8AnWGEyLzofFfmvKwpdPzqiy16LvQfK3yv/fVH7Bj13/wl3JSR1J+rfgRE9q7xUJK4qvgS8raSOeLUehw==", + "license": "ISC" + }, + "node_modules/setprototypeof": { + "version": "1.2.0", + "resolved": "https://registry.npmmirror.com/setprototypeof/-/setprototypeof-1.2.0.tgz", + "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==", + "license": "ISC" + }, + "node_modules/side-channel": { + "version": "1.1.1", + "resolved": "https://registry.npmmirror.com/side-channel/-/side-channel-1.1.1.tgz", + "integrity": "sha512-6x6dK6zJdpTzF4sQeNYxwtvBzf6Eg4GtlesS94HOvTudUeyK2WXAaIfmDgsyslYrRBeFIlsi54AYsFGUuhmvrQ==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "object-inspect": "^1.13.4", + "side-channel-list": "^1.0.1", + "side-channel-map": "^1.0.1", + "side-channel-weakmap": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-list": { + "version": "1.0.1", + "resolved": "https://registry.npmmirror.com/side-channel-list/-/side-channel-list-1.0.1.tgz", + "integrity": "sha512-mjn/0bi/oUURjc5Xl7IaWi/OJJJumuoJFQJfDDyO46+hBWsfaVM65TBHq2eoZBhzl9EchxOijpkbRC8SVBQU0w==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "object-inspect": "^1.13.4" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-map": { + "version": "1.0.1", + "resolved": "https://registry.npmmirror.com/side-channel-map/-/side-channel-map-1.0.1.tgz", + "integrity": "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==", + "license": "MIT", + "dependencies": { + "call-bound": "^1.0.2", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.5", + "object-inspect": "^1.13.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-weakmap": { + "version": "1.0.2", + "resolved": "https://registry.npmmirror.com/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz", + "integrity": "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==", + "license": "MIT", + "dependencies": { + "call-bound": "^1.0.2", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.5", + "object-inspect": "^1.13.3", + "side-channel-map": "^1.0.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/statuses": { + "version": "2.0.2", + "resolved": "https://registry.npmmirror.com/statuses/-/statuses-2.0.2.tgz", + "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmmirror.com/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "license": "MIT", + "dependencies": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmmirror.com/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "license": "MIT", + "dependencies": { + "ansi-regex": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/toidentifier": { + "version": "1.0.1", + "resolved": "https://registry.npmmirror.com/toidentifier/-/toidentifier-1.0.1.tgz", + "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==", + "license": "MIT", + "engines": { + "node": ">=0.6" + } + }, + "node_modules/type-is": { + "version": "2.1.0", + "resolved": "https://registry.npmmirror.com/type-is/-/type-is-2.1.0.tgz", + "integrity": "sha512-faYHw0anBbc/kWF3zFTEnxSFOAGUX9GFbOBthvDdLsIlEoWOFOtS0zgCiQYwIskL9iGXZL3kAXD8OoZ4GmMATA==", + "license": "MIT", + "dependencies": { + "content-type": "^2.0.0", + "media-typer": "^1.1.0", + "mime-types": "^3.0.0" + }, + "engines": { + "node": ">= 18" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/type-is/node_modules/content-type": { + "version": "2.0.0", + "resolved": "https://registry.npmmirror.com/content-type/-/content-type-2.0.0.tgz", + "integrity": "sha512-j/O/d7GcZCyNl7/hwZAb606rzqkyvaDctLmckbxLzHvFBzTJHuGEdodATcP3yIRoDrLHkIATJuvzbFlp/ki2cQ==", + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/unpipe": { + "version": "1.0.0", + "resolved": "https://registry.npmmirror.com/unpipe/-/unpipe-1.0.0.tgz", + "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/vary": { + "version": "1.1.2", + "resolved": "https://registry.npmmirror.com/vary/-/vary-1.1.2.tgz", + "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/which-module": { + "version": "2.0.1", + "resolved": "https://registry.npmmirror.com/which-module/-/which-module-2.0.1.tgz", + "integrity": "sha512-iBdZ57RDvnOR9AGBhML2vFZf7h8vmBjhoaZqODJBFWHVtKkDmKuHai3cx5PgVMrX5YDNp27AofYbAwctSS+vhQ==", + "license": "ISC" + }, + "node_modules/wrap-ansi": { + "version": "6.2.0", + "resolved": "https://registry.npmmirror.com/wrap-ansi/-/wrap-ansi-6.2.0.tgz", + "integrity": "sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==", + "license": "MIT", + "dependencies": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/wrappy": { + "version": "1.0.2", + "resolved": "https://registry.npmmirror.com/wrappy/-/wrappy-1.0.2.tgz", + "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==", + "license": "ISC" + }, + "node_modules/y18n": { + "version": "4.0.3", + "resolved": "https://registry.npmmirror.com/y18n/-/y18n-4.0.3.tgz", + "integrity": "sha512-JKhqTOwSrqNA1NY5lSztJ1GrBiUodLMmIZuLiDaMRJ+itFd+ABVE8XBjOvIWL+rSqNDC74LCSFmlb/U4UZ4hJQ==", + "license": "ISC" + }, + "node_modules/yargs": { + "version": "15.4.1", + "resolved": "https://registry.npmmirror.com/yargs/-/yargs-15.4.1.tgz", + "integrity": "sha512-aePbxDmcYW++PaqBsJ+HYUFwCdv4LVvdnhBy78E57PIor8/OVvhMrADFFEDh8DHDFRv/O9i3lPhsENjO7QX0+A==", + "license": "MIT", + "dependencies": { + "cliui": "^6.0.0", + "decamelize": "^1.2.0", + "find-up": "^4.1.0", + "get-caller-file": "^2.0.1", + "require-directory": "^2.1.1", + "require-main-filename": "^2.0.0", + "set-blocking": "^2.0.0", + "string-width": "^4.2.0", + "which-module": "^2.0.0", + "y18n": "^4.0.0", + "yargs-parser": "^18.1.2" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/yargs-parser": { + "version": "18.1.3", + "resolved": "https://registry.npmmirror.com/yargs-parser/-/yargs-parser-18.1.3.tgz", + "integrity": "sha512-o50j0JeToy/4K6OZcaQmW6lyXXKhq7csREXcDwk2omFPJEwUNOVtJKvmDr9EI1fAJZUyZcRF7kxGBWmRXudrCQ==", + "license": "ISC", + "dependencies": { + "camelcase": "^5.0.0", + "decamelize": "^1.2.0" + }, + "engines": { + "node": ">=6" + } + } + } +} diff --git a/hermes-server/package.json b/hermes-server/package.json new file mode 100644 index 0000000..f4bd994 --- /dev/null +++ b/hermes-server/package.json @@ -0,0 +1,17 @@ +{ + "name": "hermes-server", + "version": "1.0.0", + "description": "Hermes Server — 接收 EternalAI 同步请求,创建 profile,生成二维码绑定微信", + "main": "server.js", + "scripts": { + "start": "node server.js", + "dev": "node --watch server.js" + }, + "dependencies": { + "cors": "^2.8.5", + "dotenv": "^17.2.0", + "express": "^5.2.1", + "jsonwebtoken": "^9.0.2", + "qrcode": "^1.5.4" + } +} diff --git a/hermes-server/server.js b/hermes-server/server.js new file mode 100644 index 0000000..c63a769 --- /dev/null +++ b/hermes-server/server.js @@ -0,0 +1,79 @@ +// Hermes Server 入口 — 接收 EternalAI 同步请求,创建 profile,生成二维码 + +require('dotenv').config(); +const express = require('express'); +const cors = require('cors'); +const path = require('path'); + +const { ensureDirs } = require('./src/lib/profile-store'); + +const app = express(); +const PORT = process.env.PORT || 3002; + +// 确保数据目录存在 +ensureDirs(); + +// 中间件 +// P2 修复:CORS 限制为已知来源 +const allowedOrigins = process.env.ALLOWED_ORIGINS; +if (allowedOrigins) { + app.use(cors({ origin: allowedOrigins.split(',').map((o) => o.trim()) })); +} else { + // 非生产环境默认允许所有来源,生产环境需配置 ALLOWED_ORIGINS + app.use(cors()); +} +app.use(express.json({ limit: '1mb' })); +app.use(express.urlencoded({ extended: true, limit: '1mb' })); + +// P1 修复:trust proxy 仅信任 loopback(Nginx 反向代理场景) +// 生产环境应配置为具体代理 IP,如 app.set('trust proxy', '10.0.0.1') +app.set('trust proxy', 'loopback'); + +// 路由 +app.use('/api', require('./src/routes/health')); +app.use('/api', require('./src/routes/sync')); +app.use('/api/profiles', require('./src/routes/profiles')); +app.use('/api/bind', require('./src/routes/bind')); + +// 二维码图片静态服务 +const QRCODES_DIR = path.join(__dirname, 'data', 'qrcodes'); +app.use('/api/qrcodes', express.static(QRCODES_DIR, { + setHeaders: (res) => { + res.type('image/png'); + res.set('Cache-Control', 'public, max-age=86400'); + }, +})); + +// 根路径 — 简单信息页 +app.get('/', (req, res) => { + res.json({ + service: 'hermes-server', + status: 'running', + endpoints: { + sync: 'POST /api/sync', + profiles: 'GET /api/profiles', + bind: 'GET /api/bind/:profileId', + health: 'GET /api/health', + }, + }); +}); + +// 404 +app.use((req, res) => { + res.status(404).json({ error: '接口不存在' }); +}); + +// 错误处理 +app.use((err, req, res, next) => { + console.error('[Hermes Server] 未捕获错误:', err); + res.status(500).json({ error: '服务器内部错误' }); +}); + +app.listen(PORT, '0.0.0.0', () => { + console.log(`Hermes Server running on http://0.0.0.0:${PORT}`); + console.log(`HERMES_BASE_URL: ${process.env.HERMES_BASE_URL || `http://localhost:${PORT}`}`); + console.log(`ETERNALAI_BASE_URL: ${process.env.ETERNALAI_BASE_URL || '⚠️ 未配置'}`); + console.log(`SYNC_SECRET: ${process.env.SYNC_SECRET ? '已配置' : '⚠️ 未配置'}`); + console.log(`HERMES_ADMIN_TOKEN: ${process.env.HERMES_ADMIN_TOKEN ? '已配置' : '⚠️ 使用默认值'}`); + console.log(`NODE_ENV: ${process.env.NODE_ENV || 'development'}`); +}); diff --git a/hermes-server/src/lib/eternalai-client.js b/hermes-server/src/lib/eternalai-client.js new file mode 100644 index 0000000..53f4147 --- /dev/null +++ b/hermes-server/src/lib/eternalai-client.js @@ -0,0 +1,65 @@ +// EternalAI 客户端 — 用 sync_token 回调 EternalAI 拉取 SOUL.md 和 config.yaml +// P0 修复:使用环境变量 ETERNALAI_BASE_URL,不信任请求体中的 filePullBaseUrl + +const FETCH_TIMEOUT_MS = 15000; +const MAX_FILE_SIZE = 1024 * 1024; // 1MB 上限 + +// P0 修复:从环境变量获取 EternalAI 地址,防止 SSRF + sync_token 泄露 +const ETERNALAI_BASE_URL = process.env.ETERNALAI_BASE_URL || ''; + +// 拉取单个文件,返回文本内容 +async function pullFile(baseUrl, roleId, filename, syncToken) { + const url = `${baseUrl}/api/hermes/roles/${roleId}/${filename}`; + const controller = new AbortController(); + const timeout = setTimeout(() => controller.abort(), FETCH_TIMEOUT_MS); + + try { + const response = await fetch(url, { + headers: { 'X-Sync-Token': syncToken }, + signal: controller.signal, + }); + + if (!response.ok) { + throw new Error(`拉取 ${filename} 失败: HTTP ${response.status}`); + } + + // P1 修复:校验文件大小,防止 OOM + const contentLength = parseInt(response.headers.get('content-length') || '0', 10); + if (contentLength > MAX_FILE_SIZE) { + throw new Error(`${filename} 文件过大 (${contentLength} bytes),超过 ${MAX_FILE_SIZE} 上限`); + } + + const text = await response.text(); + // 即使没有 Content-Length 也校验实际大小 + if (text.length > MAX_FILE_SIZE) { + throw new Error(`${filename} 文件过大 (${text.length} chars),超过上限`); + } + + return text; + } catch (err) { + if (err.name === 'AbortError') { + throw new Error(`拉取 ${filename} 超时(${FETCH_TIMEOUT_MS}ms)`); + } + throw err; + } finally { + clearTimeout(timeout); + } +} + +// 拉取角色的 SOUL.md 和 config.yaml +// P0 修复:使用 ETERNALALAI_BASE_URL 环境变量,忽略请求体中的 filePullBaseUrl +async function pullRoleFiles(roleId, syncToken) { + const baseUrl = ETERNALAI_BASE_URL.replace(/\/+$/, ''); // 去掉尾部斜杠 + if (!baseUrl) { + throw new Error('ETERNALAI_BASE_URL 环境变量未配置,无法拉取文件'); + } + + const [soulMd, configYaml] = await Promise.all([ + pullFile(baseUrl, roleId, 'SOUL.md', syncToken), + pullFile(baseUrl, roleId, 'config.yaml', syncToken), + ]); + + return { soulMd, configYaml }; +} + +module.exports = { pullRoleFiles, pullFile, ETERNALAI_BASE_URL }; diff --git a/hermes-server/src/lib/profile-store.js b/hermes-server/src/lib/profile-store.js new file mode 100644 index 0000000..ffff8fd --- /dev/null +++ b/hermes-server/src/lib/profile-store.js @@ -0,0 +1,188 @@ +// Profile 存储 — 基于文件系统,每个 profile 一个目录 +// 结构:data/profiles/{profileId}/meta.json + SOUL.md + config.yaml + +const fs = require('fs'); +const path = require('path'); +const crypto = require('crypto'); + +const DATA_DIR = path.join(__dirname, '..', '..', 'data'); +const PROFILES_DIR = path.join(DATA_DIR, 'profiles'); +const QRCODES_DIR = path.join(DATA_DIR, 'qrcodes'); + +// profileId 格式:hermes_ + 24 位 hex(共 31 字符) +const PROFILE_ID_RE = /^hermes_[a-f0-9]{24}$/; + +// P0 修复:校验 profileId 格式,防止路径穿越 +function isValidProfileId(profileId) { + return typeof profileId === 'string' && PROFILE_ID_RE.test(profileId); +} + +// 确保目录存在 +function ensureDirs() { + for (const dir of [DATA_DIR, PROFILES_DIR, QRCODES_DIR]) { + if (!fs.existsSync(dir)) { + fs.mkdirSync(dir, { recursive: true }); + } + } +} + +// 生成 profileId(hermes_ 前缀 + 随机 hex) +function generateProfileId() { + return 'hermes_' + crypto.randomBytes(12).toString('hex'); +} + +// 创建 profile(P1 修复:原子写入 — 先写临时目录,全部成功后 rename) +function createProfile({ profileId, profileName, roleId, sourceBaseUrl, modelKey, provider, multimediaModelKey, multimediaProvider, enableSchedule, soulMd, configYaml, qrCodeUrl }) { + if (!isValidProfileId(profileId)) { + throw new Error('无效的 profileId'); + } + ensureDirs(); + + const meta = { + profileId, + profileName, + roleId, + sourceBaseUrl, + modelKey, + provider, + multimediaModelKey, + multimediaProvider, + enableSchedule, + qrCodeUrl, + createdAt: new Date().toISOString(), + boundWechat: null, + boundAt: null, + }; + + // 写入临时目录,全部成功后原子 rename 到正式路径 + const tmpDir = path.join(PROFILES_DIR, `.tmp_${profileId}_${Date.now()}`); + fs.mkdirSync(tmpDir, { recursive: true }); + + try { + fs.writeFileSync(path.join(tmpDir, 'meta.json'), JSON.stringify(meta, null, 2)); + fs.writeFileSync(path.join(tmpDir, 'SOUL.md'), soulMd); + fs.writeFileSync(path.join(tmpDir, 'config.yaml'), configYaml); + // 原子操作:rename 在同一文件系统上是原子的 + fs.renameSync(tmpDir, path.join(PROFILES_DIR, profileId)); + } catch (err) { + // 失败时清理临时目录 + try { fs.rmSync(tmpDir, { recursive: true, force: true }); } catch {} + throw err; + } + + return meta; +} + +// 获取 profile 元数据 +function getProfileMeta(profileId) { + if (!isValidProfileId(profileId)) return null; + const metaPath = path.join(PROFILES_DIR, profileId, 'meta.json'); + if (!fs.existsSync(metaPath)) return null; + return JSON.parse(fs.readFileSync(metaPath, 'utf-8')); +} + +// 获取 profile 文件内容 +function getProfileFile(profileId, filename) { + if (!isValidProfileId(profileId)) return null; + // filename 仅允许已知文件名 + const ALLOWED_FILES = ['SOUL.md', 'config.yaml']; + if (!ALLOWED_FILES.includes(filename)) return null; + const filePath = path.join(PROFILES_DIR, profileId, filename); + if (!fs.existsSync(filePath)) return null; + return fs.readFileSync(filePath, 'utf-8'); +} + +// 列出所有 profile(P2 修复:跳过损坏的 meta.json) +function listProfiles() { + ensureDirs(); + const entries = fs.readdirSync(PROFILES_DIR, { withFileTypes: true }); + const profiles = []; + for (const entry of entries) { + if (entry.isDirectory() && !entry.name.startsWith('.tmp_')) { + try { + const meta = getProfileMeta(entry.name); + if (meta) profiles.push(meta); + } catch (err) { + console.warn(`[Hermes] 跳过损坏的 profile: ${entry.name}`, err.message); + } + } + } + // 按创建时间倒序 + profiles.sort((a, b) => new Date(b.createdAt) - new Date(a.createdAt)); + return profiles; +} + +// 绑定微信(P1 修复:原子检查 — 写入前再次校验未绑定) +function bindWechat(profileId, wechatId) { + if (!isValidProfileId(profileId)) return null; + const meta = getProfileMeta(profileId); + if (!meta) return null; + + // 原子检查:若已绑定则拒绝(防止 TOCTOU 竞态) + if (meta.boundWechat) return { alreadyBound: true }; + + meta.boundWechat = wechatId; + meta.boundAt = new Date().toISOString(); + + // 原子写入:先写临时文件再 rename + const metaPath = path.join(PROFILES_DIR, profileId, 'meta.json'); + const tmpPath = path.join(PROFILES_DIR, profileId, `.meta.json.tmp_${Date.now()}`); + fs.writeFileSync(tmpPath, JSON.stringify(meta, null, 2)); + fs.renameSync(tmpPath, metaPath); + + return meta; +} + +// 删除 profile(P0 修复:校验 profileId 防止路径穿越) +function deleteProfile(profileId) { + if (!isValidProfileId(profileId)) return false; + const dir = path.join(PROFILES_DIR, profileId); + if (!fs.existsSync(dir)) return false; + fs.rmSync(dir, { recursive: true }); + // 同时清理二维码 + const qrPath = path.join(QRCODES_DIR, `${profileId}.png`); + if (fs.existsSync(qrPath)) { + try { fs.unlinkSync(qrPath); } catch {} + } + return true; +} + +// 保存二维码图片 +function saveQrCode(profileId, pngBuffer) { + if (!isValidProfileId(profileId)) { + throw new Error('无效的 profileId'); + } + ensureDirs(); + const filename = `${profileId}.png`; + fs.writeFileSync(path.join(QRCODES_DIR, filename), pngBuffer); + return filename; +} + +// 获取二维码图片路径 +function getQrCodePath(profileId) { + if (!isValidProfileId(profileId)) return null; + const filePath = path.join(QRCODES_DIR, `${profileId}.png`); + if (!fs.existsSync(filePath)) return null; + return filePath; +} + +// 根据 roleId 查找已有 profile(P1 修复:幂等去重) +function findByRoleId(roleId) { + if (!roleId) return null; + const profiles = listProfiles(); + return profiles.find((p) => p.roleId === roleId) || null; +} + +module.exports = { + ensureDirs, + generateProfileId, + createProfile, + getProfileMeta, + getProfileFile, + listProfiles, + bindWechat, + deleteProfile, + saveQrCode, + getQrCodePath, + findByRoleId, +}; diff --git a/hermes-server/src/lib/qrcode-gen.js b/hermes-server/src/lib/qrcode-gen.js new file mode 100644 index 0000000..2fb3dcc --- /dev/null +++ b/hermes-server/src/lib/qrcode-gen.js @@ -0,0 +1,22 @@ +// 二维码生成 — 使用 qrcode 库生成 PNG 图片 + +const QRCode = require('qrcode'); +const path = require('path'); +const { saveQrCode } = require('./profile-store'); + +// 生成二维码并保存为 PNG 文件,返回文件名 +async function generateAndSaveQrCode(profileId, bindUrl) { + const pngBuffer = await QRCode.toBuffer(bindUrl, { + type: 'png', + width: 320, + margin: 2, + color: { + dark: '#000000', + light: '#ffffff', + }, + }); + + return saveQrCode(profileId, pngBuffer); +} + +module.exports = { generateAndSaveQrCode }; diff --git a/hermes-server/src/lib/sync-token-verify.js b/hermes-server/src/lib/sync-token-verify.js new file mode 100644 index 0000000..1edfbdb --- /dev/null +++ b/hermes-server/src/lib/sync-token-verify.js @@ -0,0 +1,58 @@ +// sync_token 验证 — 使用与 EternalAI 共享的 SYNC_SECRET 验证 JWT +// sync_token 由 EternalAI 签发(HS256),包含 { roleId, adminId, jti, type:'sync' },5 分钟过期 + +const jwt = require('jsonwebtoken'); + +const SYNC_SECRET = process.env.SYNC_SECRET; + +if (!SYNC_SECRET) { + if (process.env.NODE_ENV === 'production') { + throw new Error( + 'SYNC_SECRET 环境变量未设置。请从 EternalAI 数据库获取 SYNC_SECRET 并配置到 .env 文件中。\n' + + '获取方式:在 EternalAI 服务器执行\n' + + ' psql -d eternalai -c \'SELECT value FROM "SystemConfig" WHERE key=\'\'SYNC_SECRET\'\'\'\'' + ); + } + console.warn('[安全警告] SYNC_SECRET 未设置,sync_token 验证将无法工作。请在 .env 中配置与 EternalAI 一致的 SYNC_SECRET。'); +} + +// P2 修复:jti 重放保护 — 内存缓存已使用的 jti,5 分钟 TTL +const usedJtis = new Map(); +const JTI_TTL_MS = 5 * 60 * 1000; + +function cleanupExpiredJtis() { + const now = Date.now(); + for (const [jti, ts] of usedJtis) { + if (now - ts > JTI_TTL_MS) { + usedJtis.delete(jti); + } + } +} + +// 验证 sync_token,返回 payload 或 null +function verifySyncToken(token) { + if (!SYNC_SECRET) { + return null; + } + try { + // P3 修复:显式指定算法,防止 alg 混淆攻击 + const decoded = jwt.verify(token, SYNC_SECRET, { algorithms: ['HS256'] }); + if (decoded.type !== 'sync') return null; + + // P2 修复:jti 重放保护 + if (decoded.jti) { + cleanupExpiredJtis(); + if (usedJtis.has(decoded.jti)) { + console.warn('[安全警告] sync_token 重放被拒绝, jti:', decoded.jti); + return null; + } + usedJtis.set(decoded.jti, Date.now()); + } + + return decoded; + } catch { + return null; + } +} + +module.exports = { verifySyncToken }; diff --git a/hermes-server/src/middleware/admin-auth.js b/hermes-server/src/middleware/admin-auth.js new file mode 100644 index 0000000..599d1ea --- /dev/null +++ b/hermes-server/src/middleware/admin-auth.js @@ -0,0 +1,36 @@ +// Hermes 管理员认证中间件 — 使用环境变量 HERMES_ADMIN_TOKEN 进行 Bearer token 认证 + +const crypto = require('crypto'); + +const DEFAULT_TOKEN = 'dev_only_admin_token_change_me'; +const ADMIN_TOKEN = process.env.HERMES_ADMIN_TOKEN; + +// P1 修复:生产环境 fail-fast +if (!ADMIN_TOKEN) { + if (process.env.NODE_ENV === 'production') { + throw new Error( + 'HERMES_ADMIN_TOKEN 环境变量未设置。请生成一个强随机值(可用 openssl rand -hex 32)并配置到 .env 文件中。' + ); + } + console.warn('[安全警告] HERMES_ADMIN_TOKEN 未设置,使用开发环境默认 token。请勿在生产环境使用。'); +} + +const EFFECTIVE_TOKEN = ADMIN_TOKEN || DEFAULT_TOKEN; + +function adminAuthMiddleware(req, res, next) { + const authHeader = req.headers.authorization; + if (!authHeader || !authHeader.startsWith('Bearer ')) { + return res.status(401).json({ error: '需要管理员认证' }); + } + const token = authHeader.slice(7); + + // P3 修复:恒定时间比较,防止时序攻击 + const a = Buffer.from(token); + const b = Buffer.from(EFFECTIVE_TOKEN); + if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) { + return res.status(403).json({ error: '管理员 token 无效' }); + } + next(); +} + +module.exports = { adminAuthMiddleware }; diff --git a/hermes-server/src/routes/bind.js b/hermes-server/src/routes/bind.js new file mode 100644 index 0000000..f1b272a --- /dev/null +++ b/hermes-server/src/routes/bind.js @@ -0,0 +1,197 @@ +// 绑定流程 — 二维码扫描后的绑定页面和绑定操作 +// QR 码内容:{HERMES_BASE_URL}/api/bind/{profileId} +// 扫描后展示绑定页面,用户确认绑定 + +const express = require('express'); +const { getProfileMeta, bindWechat } = require('../lib/profile-store'); + +const router = express.Router(); + +// 绑定页面(GET)— 扫描二维码后打开 +router.get('/:profileId', (req, res) => { + try { + const meta = getProfileMeta(req.params.profileId); + if (!meta) { + // P3 修复:返回 404 状态码 + return res.status(404).type('html').send(renderNotFoundPage()); + } + + // 如果已绑定,显示已绑定页面 + if (meta.boundWechat) { + return res.type('html').send(renderAlreadyBoundPage(meta)); + } + + // 显示绑定确认页面 + res.type('html').send(renderBindPage(meta)); + } catch (err) { + // P2 修复:异常时返回 HTML 而非 JSON + console.error('绑定页面加载失败:', err); + res.status(500).type('html').send(renderNotFoundPage()); + } +}); + +// 执行绑定(POST) +router.post('/:profileId', (req, res) => { + try { + const meta = getProfileMeta(req.params.profileId); + if (!meta) { + return res.status(404).json({ error: 'Profile 不存在' }); + } + if (meta.boundWechat) { + return res.status(400).json({ error: '该 Profile 已绑定微信' }); + } + + // P2 修复:req.body 可能为 undefined + const body = req.body || {}; + // 绑定标识:优先用微信 OAuth code,其次用请求体中的 wechatId + // 实际生产环境中,这里应通过微信 OAuth 获取 openid + const wechatId = body.wechatId || body.openid; + + if (!wechatId) { + return res.status(400).json({ error: '缺少 wechatId,请通过微信 OAuth 授权' }); + } + + // P1 修复:bindWechat 内部有原子检查,处理 alreadyBound 返回 + const result = bindWechat(req.params.profileId, wechatId); + if (!result) { + return res.status(404).json({ error: 'Profile 不存在' }); + } + if (result.alreadyBound) { + return res.status(400).json({ error: '该 Profile 已被绑定' }); + } + + console.log(`[Hermes] Profile ${req.params.profileId} 已绑定微信: ${wechatId}`); + + res.json({ + message: '绑定成功', + profileId: result.profileId, + profileName: result.profileName, + boundAt: result.boundAt, + }); + } catch (err) { + console.error('绑定失败:', err); + res.status(500).json({ error: '绑定失败' }); + } +}); + +// ===== HTML 页面渲染 ===== + +function renderBindPage(meta) { + // P3 修复:profileId 在 form action 中转义 + const safeProfileId = encodeURIComponent(meta.profileId); + return ` + + + + + 绑定角色 - ${escapeHtml(meta.profileName)} + + + +
+
+
${escapeHtml(meta.profileName.charAt(0))}
+

${escapeHtml(meta.profileName)}

+

扫描绑定后,即可在微信中与该角色对话

+
+
Profile ID${escapeHtml(meta.profileId)}
+
创建时间${new Date(meta.createdAt).toLocaleString('zh-CN')}
+
状态待绑定
+
+
+ + +
+ +
+
+ +`; +} + +function renderAlreadyBoundPage(meta) { + return ` + + + + + 已绑定 - ${escapeHtml(meta.profileName)} + + + +
+
+
+

${escapeHtml(meta.profileName)}

+

该角色已成功绑定微信

+
+
绑定时间${new Date(meta.boundAt).toLocaleString('zh-CN')}
+
状态已绑定
+
+
+
+ +`; +} + +function renderNotFoundPage() { + return ` + + + + + 角色不存在 + + + +
+
+
🔍
+

角色不存在或二维码已失效

+
+
+ +`; +} + +function escapeHtml(str) { + return String(str).replace(/[&<>"']/g, (c) => ({ + '&': '&', '<': '<', '>': '>', '"': '"', "'": ''' + }[c])); +} + +module.exports = router; diff --git a/hermes-server/src/routes/health.js b/hermes-server/src/routes/health.js new file mode 100644 index 0000000..ff632a2 --- /dev/null +++ b/hermes-server/src/routes/health.js @@ -0,0 +1,27 @@ +// 健康检查 + +const express = require('express'); +const { listProfiles } = require('../lib/profile-store'); + +const router = express.Router(); + +router.get('/health', (req, res) => { + let profileCount = 0; + let storageOk = true; + try { + profileCount = listProfiles().length; + } catch { + // P3 修复:区分"无 profile"和"读取失败" + storageOk = false; + } + + // P2 修复:不泄露 syncSecretConfigured 等安全配置状态 + res.json({ + status: storageOk ? 'ok' : 'degraded', + service: 'hermes-server', + timestamp: new Date().toISOString(), + profileCount, + }); +}); + +module.exports = router; diff --git a/hermes-server/src/routes/profiles.js b/hermes-server/src/routes/profiles.js new file mode 100644 index 0000000..6731539 --- /dev/null +++ b/hermes-server/src/routes/profiles.js @@ -0,0 +1,88 @@ +// Profile 管理 API — 查看、下载 profile 文件(供 Hermes Agent 和管理员使用) + +const express = require('express'); +const { adminAuthMiddleware } = require('../middleware/admin-auth'); +const { listProfiles, getProfileMeta, getProfileFile, deleteProfile } = require('../lib/profile-store'); + +const router = express.Router(); + +// 获取所有 profile 列表(需管理员认证) +router.get('/', adminAuthMiddleware, (req, res) => { + try { + const profiles = listProfiles(); + res.json({ profiles, total: profiles.length }); + } catch (err) { + console.error('获取 profile 列表失败:', err); + res.status(500).json({ error: '服务器错误' }); + } +}); + +// 获取 profile 详情(需管理员认证) +router.get('/:profileId', adminAuthMiddleware, (req, res) => { + try { + const meta = getProfileMeta(req.params.profileId); + if (!meta) { + return res.status(404).json({ error: 'Profile 不存在' }); + } + res.json({ profile: meta }); + } catch (err) { + console.error('获取 profile 详情失败:', err); + res.status(500).json({ error: '服务器错误' }); + } +}); + +// 下载 SOUL.md(供 Hermes Agent 使用,限制本机访问) +router.get('/:profileId/SOUL.md', (req, res) => { + try { + // P2 修复:限制本机访问 + const clientIp = (req.socket.remoteAddress || '').replace(/^::ffff:/, ''); + if (clientIp !== '127.0.0.1' && clientIp !== '::1' && clientIp !== '') { + return res.status(403).json({ error: '仅限本机访问' }); + } + const content = getProfileFile(req.params.profileId, 'SOUL.md'); + if (content === null) { + return res.status(404).json({ error: 'Profile 或 SOUL.md 不存在' }); + } + // P3 修复:使用语义正确的 Content-Type + res.type('text/markdown').send(content); + } catch (err) { + console.error('获取 SOUL.md 失败:', err); + res.status(500).json({ error: '服务器错误' }); + } +}); + +// 下载 config.yaml(供 Hermes Agent 使用,限制本机访问) +router.get('/:profileId/config.yaml', (req, res) => { + try { + // P2 修复:限制本机访问 + const clientIp = (req.socket.remoteAddress || '').replace(/^::ffff:/, ''); + if (clientIp !== '127.0.0.1' && clientIp !== '::1' && clientIp !== '') { + return res.status(403).json({ error: '仅限本机访问' }); + } + const content = getProfileFile(req.params.profileId, 'config.yaml'); + if (content === null) { + return res.status(404).json({ error: 'Profile 或 config.yaml 不存在' }); + } + // P3 修复:使用语义正确的 Content-Type + res.type('text/yaml').send(content); + } catch (err) { + console.error('获取 config.yaml 失败:', err); + res.status(500).json({ error: '服务器错误' }); + } +}); + +// 删除 profile(需管理员认证) +router.delete('/:profileId', adminAuthMiddleware, (req, res) => { + try { + const deleted = deleteProfile(req.params.profileId); + if (!deleted) { + return res.status(404).json({ error: 'Profile 不存在' }); + } + res.json({ message: 'Profile 已删除' }); + } catch (err) { + console.error('删除 profile 失败:', err); + res.status(500).json({ error: '服务器错误' }); + } +}); + +module.exports = router; diff --git a/hermes-server/src/routes/sync.js b/hermes-server/src/routes/sync.js new file mode 100644 index 0000000..9c19888 --- /dev/null +++ b/hermes-server/src/routes/sync.js @@ -0,0 +1,149 @@ +// POST /api/sync — 接收 EternalAI 的同步请求 +// 流程:验证 sync_token → 回调拉取 SOUL.md + config.yaml → 创建/更新 profile → 生成二维码 → 返回 + +const express = require('express'); +const { verifySyncToken } = require('../lib/sync-token-verify'); +const { pullRoleFiles } = require('../lib/eternalai-client'); +const { generateProfileId, createProfile, findByRoleId, deleteProfile } = require('../lib/profile-store'); +const { generateAndSaveQrCode } = require('../lib/qrcode-gen'); + +const router = express.Router(); + +// P2 修复:输入校验 +const MAX_PROFILE_NAME_LEN = 128; + +// 来源 IP 白名单检查(P1 修复:使用 socket.remoteAddress 而非可伪造的 req.ip) +function checkSourceIp(req, res, next) { + const allowedIps = process.env.ALLOWED_SOURCE_IPS; + if (!allowedIps) return next(); + + // 使用 socket 远程地址,不受 X-Forwarded-For 影响 + const clientIp = (req.socket.remoteAddress || '').replace(/^::ffff:/, ''); + if (!clientIp) { + return res.status(403).json({ error: '无法确定来源 IP' }); + } + const allowed = allowedIps.split(',').map((ip) => ip.trim()); + if (!allowed.includes(clientIp)) { + return res.status(403).json({ error: '来源 IP 不在白名单中' }); + } + next(); +} + +router.post('/sync', checkSourceIp, async (req, res) => { + try { + const { + profileName, + modelKey, + provider, + multimediaModelKey, + multimediaProvider, + enableSchedule, + syncToken, + roleId, + } = req.body; + + // 参数校验 + if (!syncToken || !roleId || !profileName) { + return res.status(400).json({ error: '缺少必要参数(syncToken, roleId, profileName)' }); + } + + // P2 修复:profileName 长度限制 + if (profileName.length > MAX_PROFILE_NAME_LEN) { + return res.status(400).json({ error: `profileName 过长(上限 ${MAX_PROFILE_NAME_LEN} 字符)` }); + } + + // 验证 sync_token + const payload = verifySyncToken(syncToken); + if (!payload) { + return res.status(401).json({ error: 'sync_token 无效或已过期' }); + } + + // 验证 roleId 匹配 + if (payload.roleId !== roleId) { + return res.status(403).json({ error: 'roleId 与 sync_token 不匹配' }); + } + + // P1 修复:幂等去重 — 若该 roleId 已有 profile,先删除旧的再创建新的 + const existing = findByRoleId(roleId); + if (existing) { + deleteProfile(existing.profileId); + } + + // 回调 EternalAI 拉取 SOUL.md 和 config.yaml + // P0 修复:使用环境变量 ETERNALAI_BASE_URL,不信任请求体中的 filePullBaseUrl + const { soulMd, configYaml } = await pullRoleFiles(roleId, syncToken); + + // P2 修复:校验两个文件都非空 + if (!soulMd || soulMd.length === 0) { + return res.status(400).json({ error: '拉取的 SOUL.md 为空' }); + } + if (!configYaml || configYaml.length === 0) { + return res.status(400).json({ error: '拉取的 config.yaml 为空' }); + } + + // 创建 profile + const profileId = generateProfileId(); + const baseUrl = process.env.HERMES_BASE_URL || `http://localhost:${process.env.PORT || 3002}`; + const bindUrl = `${baseUrl}/api/bind/${profileId}`; + + // P2 修复:先创建 profile,再生成二维码(避免孤儿文件) + // 先用 null 作为 qrCodeUrl 创建 profile + const meta = createProfile({ + profileId, + profileName, + roleId, + sourceBaseUrl: process.env.ETERNALAI_BASE_URL || 'unknown', + modelKey, + provider, + multimediaModelKey, + multimediaProvider, + enableSchedule: !!enableSchedule, + soulMd, + configYaml, + qrCodeUrl: null, // 稍后更新 + }); + + // 生成二维码 + try { + const qrFilename = await generateAndSaveQrCode(profileId, bindUrl); + const qrCodeUrl = `${baseUrl}/api/qrcodes/${qrFilename}`; + // 更新 meta 中的 qrCodeUrl(通过重新写入 meta.json) + const { getProfileMeta } = require('../lib/profile-store'); + const updatedMeta = getProfileMeta(profileId); + if (updatedMeta) { + updatedMeta.qrCodeUrl = qrCodeUrl; + const fs = require('fs'); + const path = require('path'); + const metaPath = path.join(__dirname, '..', '..', 'data', 'profiles', profileId, 'meta.json'); + fs.writeFileSync(metaPath, JSON.stringify(updatedMeta, null, 2)); + } + meta.qrCodeUrl = qrCodeUrl; + } catch (qrErr) { + console.error('[Hermes] 二维码生成失败:', qrErr.message); + // 二维码生成失败不阻塞 profile 创建,但返回中不包含 qrCodeUrl + } + + console.log(`[Hermes] Profile 创建成功: ${profileId} (name=${profileName}, roleId=${roleId})`); + + res.json({ + qrCodeUrl: meta.qrCodeUrl, + profileId, + message: 'Profile 创建成功', + }); + } catch (err) { + console.error('[Hermes] 同步失败:', err.message); + // P3 修复:区分已知错误类型 + if (err.message.includes('超时')) { + return res.status(504).json({ error: '拉取文件超时,请检查 EternalAI 服务状态' }); + } + if (err.message.includes('ETERNALAI_BASE_URL')) { + return res.status(500).json({ error: 'Hermes Server 未配置 ETERNALAI_BASE_URL' }); + } + if (err.message.includes('拉取') && err.message.includes('失败')) { + return res.status(502).json({ error: '拉取文件失败,请检查 EternalAI 服务是否正常' }); + } + res.status(500).json({ error: '同步失败,请稍后重试' }); + } +}); + +module.exports = router; diff --git a/hermes-server/test/integration-test.js b/hermes-server/test/integration-test.js new file mode 100644 index 0000000..3146741 --- /dev/null +++ b/hermes-server/test/integration-test.js @@ -0,0 +1,356 @@ +// 集成测试:EternalAI → hermes-server 端到端同步流程 +// 前提:EternalAI (3001) 和 hermes-server (3002) 均已运行,SYNC_SECRET 已同步 +// 前提:hermes-server 的 .env 已配置 ETERNALALAI_BASE_URL=http://localhost:3001 + +const BASE_ETERNAL = 'http://localhost:3001'; +const BASE_HERMES = 'http://localhost:3002'; +const HERMES_ADMIN_TOKEN = 'dev_only_admin_token_change_me'; + +let passed = 0; +let failed = 0; + +async function assert(name, fn) { + try { + await fn(); + passed++; + console.log(` ✓ ${name}`); + } catch (err) { + failed++; + console.log(` ✗ ${name}`); + console.log(` ${err.message}`); + } +} + +function assertEqual(actual, expected, msg) { + if (actual !== expected) { + throw new Error(`${msg || ''} expected ${JSON.stringify(expected)}, got ${JSON.stringify(actual)}`); + } +} + +function assertTruthy(val, msg) { + if (!val) throw new Error(msg || 'expected truthy value'); +} + +// 清理 hermes-server 上的所有 profile(避免重复运行导致冲突) +async function cleanupHermesProfiles() { + try { + const res = await fetch(`${BASE_HERMES}/api/profiles`, { + headers: { Authorization: `Bearer ${HERMES_ADMIN_TOKEN}` }, + }); + if (!res.ok) return; + const data = await res.json(); + for (const p of data.profiles || []) { + try { + await fetch(`${BASE_HERMES}/api/profiles/${p.profileId}`, { + method: 'DELETE', + headers: { Authorization: `Bearer ${HERMES_ADMIN_TOKEN}` }, + }); + } catch {} + } + console.log(` 已清理 hermes-server 上 ${data.profiles?.length || 0} 个 profile`); + } catch (err) { + console.log(` 清理 hermes-server 跳过: ${err.message}`); + } +} + +async function main() { + const prisma = require('../../src/lib/prisma'); + const { hashPassword } = require('../../src/lib/auth'); + + // ===== 清理数据库 ===== + console.log('\n===== 准备:清理数据库 ====='); + await prisma.order.deleteMany(); + await prisma.apiKey.deleteMany(); + await prisma.role.deleteMany(); + await prisma.admin.deleteMany(); + await prisma.user.deleteMany(); + await prisma.systemConfig.deleteMany({ where: { key: 'HERMES_WEBHOOK_URL' } }); + + // 确保 SYNC_SECRET 存在 + const crypto = require('crypto'); + await prisma.systemConfig.upsert({ + where: { key: 'SYNC_SECRET' }, + update: {}, + create: { key: 'SYNC_SECRET', value: crypto.randomBytes(32).toString('hex') }, + }); + + // P1 修复:清理 hermes-server 上的残留 profile(避免重复运行测试失败) + console.log('\n===== 准备:清理 hermes-server 数据 ====='); + await cleanupHermesProfiles(); + + // 创建测试用户和管理员 + const user = await prisma.user.create({ + data: { account: 'itest_user', password: hashPassword('Test123456'), isCreator: true }, + }); + const admin = await prisma.admin.create({ + data: { account: 'itest_admin', password: hashPassword('admin123') }, + }); + console.log(` 用户: ${user.id}, 管理员: ${admin.id}`); + + // ===== 测试开始 ===== + console.log('\n===== 测试:EternalAI → hermes-server 集成 ====='); + + let adminToken, userToken, roleId; + + // 1. 管理员登录 + await assert('管理员登录', async () => { + const res = await fetch(`${BASE_ETERNAL}/api/admin-auth/login`, { + method: 'POST', + headers: { 'Content-Type': 'application/json' }, + body: JSON.stringify({ account: 'itest_admin', password: 'admin123' }), + }); + assertEqual(res.status, 200, '管理员登录状态码'); + const data = await res.json(); + assertTruthy(data.token, '管理员 token'); + adminToken = data.token; + }); + + // 2. 用户登录 + await assert('用户登录', async () => { + const res = await fetch(`${BASE_ETERNAL}/api/auth/login`, { + method: 'POST', + headers: { 'Content-Type': 'application/json' }, + body: JSON.stringify({ account: 'itest_user', password: 'Test123456' }), + }); + assertEqual(res.status, 200, '用户登录状态码'); + const data = await res.json(); + assertTruthy(data.token, '用户 token'); + userToken = data.token; + }); + + // 3. 用户创建角色 + await assert('用户创建角色', async () => { + const res = await fetch(`${BASE_ETERNAL}/api/roles`, { + method: 'POST', + headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${userToken}` }, + body: JSON.stringify({ + displayName: '集成测试角色', + personality: '温柔善良', + background: '来自星辰大海', + speechStyle: '轻声细语', + greeting: '你好呀,我是星灵', + soulMd: '# SOUL\n\n我是星灵,来自星辰大海的守护者。\n我温柔善良,喜欢倾听你的故事。', + }), + }); + assertEqual(res.status, 200, '创建角色状态码'); + const data = await res.json(); + assertTruthy(data.role.id, '角色 ID'); + assertEqual(data.role.reviewStatus, 'pending_review', '初始审核状态'); + roleId = data.role.id; + }); + + // 4. 管理员审核通过 + await assert('管理员审核通过', async () => { + const res = await fetch(`${BASE_ETERNAL}/api/admin/reviews/${roleId}/approve`, { + method: 'POST', + headers: { Authorization: `Bearer ${adminToken}` }, + }); + assertEqual(res.status, 200, '审核状态码'); + const data = await res.json(); + assertEqual(data.role.reviewStatus, 'approved', '审核后状态'); + }); + + // 5. 配置 Hermes webhook URL 指向真实 hermes-server + await assert('配置 HERMES_WEBHOOK_URL 指向 hermes-server', async () => { + const res = await fetch(`${BASE_ETERNAL}/api/admin/config/HERMES_WEBHOOK_URL`, { + method: 'PUT', + headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${adminToken}` }, + body: JSON.stringify({ value: `${BASE_HERMES}/api/sync` }), + }); + assertEqual(res.status, 200, '配置状态码'); + }); + + // 6. 管理员发起同步 → hermes-server 接收 → 回调拉取文件 → 创建 profile → 返回二维码 + let syncResponse; + await assert('管理员发起同步(真实 hermes-server)', async () => { + const res = await fetch(`${BASE_ETERNAL}/api/admin/sync/${roleId}`, { + method: 'POST', + headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${adminToken}` }, + body: JSON.stringify({ + profileName: 'star-spirit', + modelKey: 'sk-test-key', + provider: 'openrouter', + multimediaModelKey: 'sk-multi-key', + multimediaProvider: 'openrouter', + enableSchedule: false, + }), + }); + assertEqual(res.status, 200, '同步状态码'); + const data = await res.json(); + assertEqual(data.role.reviewStatus, 'synced', '同步后状态'); + assertTruthy(data.role.qrCodeUrl, '二维码 URL'); + assertTruthy(data.profileId, 'profileId'); + assertTruthy(data.profileId.startsWith('hermes_'), 'profileId 前缀'); + syncResponse = data; + console.log(` profileId: ${data.profileId}`); + console.log(` qrCodeUrl: ${data.role.qrCodeUrl}`); + }); + + // 7. 验证 hermes-server 健康检查 + await assert('hermes-server 健康检查', async () => { + const res = await fetch(`${BASE_HERMES}/api/health`); + assertEqual(res.status, 200, '健康检查状态码'); + const data = await res.json(); + assertEqual(data.status, 'ok', '健康状态'); + // P2 修复后:health 不再泄露 syncSecretConfigured,改用 storageOk/status + assertEqual(data.profileCount, 1, 'profile 数量'); + }); + + // 8. 验证 hermes-server profile 列表 + await assert('hermes-server profile 列表', async () => { + const res = await fetch(`${BASE_HERMES}/api/profiles`, { + headers: { Authorization: `Bearer ${HERMES_ADMIN_TOKEN}` }, + }); + assertEqual(res.status, 200, 'profile 列表状态码'); + const data = await res.json(); + assertEqual(data.total, 1, 'profile 总数'); + assertEqual(data.profiles[0].profileName, 'star-spirit', 'profile 名称'); + assertEqual(data.profiles[0].roleId, roleId, 'roleId 关联'); + // P0 修复后:sourceBaseUrl 来自 hermes-server 的 ETERNALAI_BASE_URL 环境变量 + assertEqual(data.profiles[0].sourceBaseUrl, BASE_ETERNAL, 'sourceBaseUrl 来自环境变量'); + }); + + // 9. 验证 hermes-server profile 详情 + await assert('hermes-server profile 详情', async () => { + const res = await fetch(`${BASE_HERMES}/api/profiles/${syncResponse.profileId}`, { + headers: { Authorization: `Bearer ${HERMES_ADMIN_TOKEN}` }, + }); + assertEqual(res.status, 200, 'profile 详情状态码'); + const data = await res.json(); + assertEqual(data.profile.profileId, syncResponse.profileId, 'profileId'); + assertEqual(data.profile.modelKey, 'sk-test-key', 'modelKey'); + assertEqual(data.profile.provider, 'openrouter', 'provider'); + assertEqual(data.profile.enableSchedule, false, 'enableSchedule'); + assertEqual(data.profile.boundWechat, null, '未绑定状态'); + }); + + // 10. 验证 hermes-server 提供 SOUL.md 下载 + await assert('hermes-server 提供 SOUL.md 下载', async () => { + const res = await fetch(`${BASE_HERMES}/api/profiles/${syncResponse.profileId}/SOUL.md`); + assertEqual(res.status, 200, 'SOUL.md 状态码'); + const text = await res.text(); + assertTruthy(text.includes('星灵'), 'SOUL.md 内容包含角色名'); + assertTruthy(text.includes('星辰大海'), 'SOUL.md 内容包含背景'); + }); + + // 11. 验证 hermes-server 提供 config.yaml 下载 + await assert('hermes-server 提供 config.yaml 下载', async () => { + const res = await fetch(`${BASE_HERMES}/api/profiles/${syncResponse.profileId}/config.yaml`); + assertEqual(res.status, 200, 'config.yaml 状态码'); + const text = await res.text(); + assertTruthy(text.includes('model:'), 'config.yaml 包含 model 字段'); + assertTruthy(text.includes('temperature:'), 'config.yaml 包含 temperature 字段'); + }); + + // 12. 验证二维码图片可访问 + await assert('二维码图片可访问', async () => { + const res = await fetch(syncResponse.role.qrCodeUrl); + assertEqual(res.status, 200, '二维码图片状态码'); + assertEqual(res.headers.get('content-type'), 'image/png', '二维码图片类型'); + const buffer = await res.arrayBuffer(); + assertTruthy(buffer.byteLength > 100, '二维码图片大小'); + }); + + // 13. 验证绑定页面可访问 + await assert('绑定页面可访问', async () => { + const res = await fetch(`${BASE_HERMES}/api/bind/${syncResponse.profileId}`); + assertEqual(res.status, 200, '绑定页面状态码'); + const html = await res.text(); + assertTruthy(html.includes('star-spirit'), '绑定页面包含 profile 名称'); + assertTruthy(html.includes('确认绑定'), '绑定页面包含绑定按钮'); + }); + + // 14. 执行绑定 + await assert('执行绑定', async () => { + const res = await fetch(`${BASE_HERMES}/api/bind/${syncResponse.profileId}`, { + method: 'POST', + headers: { 'Content-Type': 'application/json' }, + body: JSON.stringify({ wechatId: 'wx_test_12345' }), + }); + assertEqual(res.status, 200, '绑定状态码'); + const data = await res.json(); + assertEqual(data.profileId, syncResponse.profileId, '绑定返回 profileId'); + assertTruthy(data.boundAt, '绑定时间'); + }); + + // 15. 验证已绑定后再次绑定返回 400 + await assert('重复绑定返回 400', async () => { + const res = await fetch(`${BASE_HERMES}/api/bind/${syncResponse.profileId}`, { + method: 'POST', + headers: { 'Content-Type': 'application/json' }, + body: JSON.stringify({ wechatId: 'wx_other' }), + }); + assertEqual(res.status, 400, '重复绑定状态码'); + }); + + // 16. 验证已绑定页面显示 + await assert('已绑定页面显示', async () => { + const res = await fetch(`${BASE_HERMES}/api/bind/${syncResponse.profileId}`); + const html = await res.text(); + assertTruthy(html.includes('已成功绑定'), '已绑定页面提示'); + }); + + // 17. 验证 EternalAI 角色库显示已同步角色 + await assert('EternalAI 角色库显示已同步角色', async () => { + const res = await fetch(`${BASE_ETERNAL}/api/roles`); + const data = await res.json(); + const found = data.roles.find((r) => r.id === roleId); + assertTruthy(found, '角色库包含已同步角色'); + }); + + // 18. 验证 SYNC_SECRET 写保护(不能通过 PUT 修改) + await assert('SYNC_SECRET 写保护', async () => { + const res = await fetch(`${BASE_ETERNAL}/api/admin/config/SYNC_SECRET`, { + method: 'PUT', + headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${adminToken}` }, + body: JSON.stringify({ value: 'hacked' }), + }); + assertEqual(res.status, 403, '写保护状态码'); + }); + + // 19. 验证无效 sync_token 被拒绝 + await assert('无效 sync_token 被拒绝', async () => { + const res = await fetch(`${BASE_HERMES}/api/sync`, { + method: 'POST', + headers: { 'Content-Type': 'application/json' }, + body: JSON.stringify({ + profileName: 'test', + syncToken: 'invalid.token.here', + roleId: 'fake-id', + }), + }); + assertEqual(res.status, 401, '无效 token 状态码'); + }); + + // 20. 验证缺少参数被拒绝 + await assert('缺少参数被拒绝', async () => { + const res = await fetch(`${BASE_HERMES}/api/sync`, { + method: 'POST', + headers: { 'Content-Type': 'application/json' }, + body: JSON.stringify({ profileName: 'test' }), + }); + assertEqual(res.status, 400, '缺少参数状态码'); + }); + + // ===== 清理 ===== + console.log('\n===== 清理 ====='); + // 清理 hermes-server 上的 profile + await cleanupHermesProfiles(); + // 清理 EternalAI 数据库 + await prisma.order.deleteMany(); + await prisma.apiKey.deleteMany(); + await prisma.role.deleteMany(); + await prisma.admin.deleteMany(); + await prisma.user.deleteMany(); + await prisma.systemConfig.deleteMany({ where: { key: 'HERMES_WEBHOOK_URL' } }); + await prisma.$disconnect(); + + // ===== 结果 ===== + console.log(`\n===== 结果: ${passed} passed, ${failed} failed =====`); + process.exit(failed > 0 ? 1 : 0); +} + +main().catch((err) => { + console.error('测试运行失败:', err); + process.exit(1); +});