yuyx
ab7e08a21b
## 安全修复 - 修复 /api/user/profile 接口泄露 OSS 密钥的安全漏洞 - 增强 getObjectKey 路径安全检查(空字节注入、URL 编码绕过) - 修复 storage.end() 重复调用问题 - 增强上传签名接口的安全检查 ## Bug 修复 - 修复 rename 使用错误的 PutObjectCommand,改为 CopyObjectCommand - 修复 CopySource 编码问题,正确处理特殊字符 - 修复签名 URL 生成功能(添加 @aws-sdk/s3-request-presigner) - 修复 S3Client 配置(阿里云 region 格式、endpoint 处理) - 修复分页删除和列表功能(超过 1000 文件的处理) - 修复分享下载使用错误的存储类型字段 - 修复前端媒体预览异步处理错误 - 修复 OSS 直传 objectKey 格式不一致问题 - 修复包名错误 @aws-sdk/request-presigner -> @aws-sdk/s3-request-presigner - 修复前端下载错误处理不完善 ## 新增功能 - 添加 OSS 连接测试 API (/api/user/test-oss) - 添加重命名失败回滚机制 - 添加 OSS 配置前端验证 ## 其他改进 - 更新 install.sh 仓库地址为 git.workyai.cn - 添加 crypto 模块导入 - 修复代码格式和重复定义问题 - 添加缺失的表单对象定义 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
41 lines
935 B
JSON
41 lines
935 B
JSON
{
|
|
"name": "wanwanyun-backend",
|
|
"version": "3.1.0",
|
|
"description": "玩玩云 - 云存储管理平台后端服务",
|
|
"main": "server.js",
|
|
"scripts": {
|
|
"start": "node server.js",
|
|
"dev": "nodemon server.js"
|
|
},
|
|
"keywords": [
|
|
"cloud-storage",
|
|
"oss",
|
|
"s3",
|
|
"file-manager",
|
|
"alibaba-cloud",
|
|
"tencent-cloud"
|
|
],
|
|
"author": "玩玩云团队",
|
|
"license": "MIT",
|
|
"dependencies": {
|
|
"archiver": "^7.0.1",
|
|
"bcryptjs": "^3.0.3",
|
|
"better-sqlite3": "^11.8.1",
|
|
"cookie-parser": "^1.4.7",
|
|
"cors": "^2.8.5",
|
|
"dotenv": "^16.3.1",
|
|
"express": "^4.18.2",
|
|
"express-session": "^1.18.2",
|
|
"express-validator": "^7.3.0",
|
|
"jsonwebtoken": "^9.0.2",
|
|
"multer": "^2.0.2",
|
|
"nodemailer": "^6.9.14",
|
|
"@aws-sdk/client-s3": "^3.600.0",
|
|
"@aws-sdk/s3-request-presigner": "^3.600.0",
|
|
"svg-captcha": "^1.4.0"
|
|
},
|
|
"devDependencies": {
|
|
"nodemon": "^3.0.1"
|
|
}
|
|
}
|