feat: 更新CORS配置，允许跨域请求携带凭证和自定义请求头

feat: 修复POST /:key处理，确保kvStore.upsert操作为异步执行
feat: 增强POST /:key处理，支持空值和JSON格式验证
2025-12-07 21:13:10 +00:00 · 2025-12-06 13:41:40 +08:00 · 2025-12-06 13:10:02 +08:00 · 2025-12-06 13:09:00 +08:00 · 2025-12-06 11:54:58 +08:00 · 2025-12-06 11:54:41 +08:00
3 changed files with 59 additions and 41 deletions
--- a/app.js
+++ b/app.js
@ -25,6 +25,10 @@ app.use(
    cors({
        exposedHeaders: ["ratelimit-policy", "retry-after", "ratelimit"], // 告诉浏览器这些响应头可以暴露
        maxAge: 86400, // 设置OPTIONS请求的结果缓存24小时(86400秒)，减少预检请求
        credentials: true, // 允许跨域请求携带凭证
        allowedHeaders: ["Content-Type", "Authorization", "X-Requested-With", "Accept"], // 允许的请求头
        methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"], // 允许的HTTP方法
        withCredentials: true, // 允许携带cookie等凭证信息
    })
 );
 app.disable("x-powered-by");
--- a/routes/kv-token.js
+++ b/routes/kv-token.js
@ -1,7 +1,7 @@
-import {Router} from "express";
+import { Router } from "express";
 import kvStore from "../utils/kvStore.js";
-import {broadcastKeyChanged} from "../utils/socket.js";
+import { broadcastKeyChanged } from "../utils/socket.js";
-import {kvTokenAuth} from "../middleware/kvTokenAuth.js";
+import { kvTokenAuth } from "../middleware/kvTokenAuth.js";
 import {
    prepareTokenForRateLimit,
    tokenBatchLimiter,
@ -10,7 +10,7 @@ import {
    tokenWriteLimiter
 } from "../middleware/rateLimiter.js";
 import errors from "../utils/errors.js";
-import {PrismaClient} from "@prisma/client";
+import { PrismaClient } from "@prisma/client";
 const router = Router();
@ -34,7 +34,7 @@ router.get(
        // 获取设备信息，包含关联的账号
        const device = await prisma.device.findUnique({
-            where: {id: deviceId},
+            where: { id: deviceId },
            include: {
                account: true,
            },
@ -88,7 +88,7 @@ router.get(
        // 查找当前 token 对应的应用安装记录
        const appInstall = await prisma.appInstall.findUnique({
-            where: {token},
+            where: { token },
            include: {
                device: {
                    select: {
@ -133,7 +133,7 @@ router.get(
    tokenReadLimiter,
    errors.catchAsync(async (req, res) => {
        const deviceId = res.locals.deviceId;
-        const {sortBy, sortDir, limit, skip} = req.query;
+        const { sortBy, sortDir, limit, skip } = req.query;
        // 构建选项
        const options = {
@ -184,7 +184,7 @@ router.get(
    tokenReadLimiter,
    errors.catchAsync(async (req, res) => {
        const deviceId = res.locals.deviceId;
-        const {sortBy, sortDir, limit, skip} = req.query;
+        const { sortBy, sortDir, limit, skip } = req.query;
        // 构建选项
        const options = {
@ -230,7 +230,7 @@ router.get(
    tokenReadLimiter,
    errors.catchAsync(async (req, res, next) => {
        const deviceId = res.locals.deviceId;
-        const {key} = req.params;
+        const { key } = req.params;
        const value = await kvStore.get(deviceId, key);
@ -253,7 +253,7 @@ router.get(
    tokenReadLimiter,
    errors.catchAsync(async (req, res, next) => {
        const deviceId = res.locals.deviceId;
-        const {key} = req.params;
+        const { key } = req.params;
        const metadata = await kvStore.getMetadata(deviceId, key);
        if (!metadata) {
@ -353,10 +353,22 @@ router.post(
        }
        const deviceId = res.locals.deviceId;
-        const {key} = req.params;
+        const { key } = req.params;
-        const value = req.body;
+        let value = req.body;
-      
+        // 处理空值，转换为空对象
        if (value === null || value === undefined || value === '') {
            value = {};
        }
        // 验证是否能被 JSON 序列化
        try {
            JSON.stringify(value);
        } catch (error) {
            return next(
                errors.createError(400, "无效的数据格式")
            );
        }
        // 获取客户端IP
        const creatorIp =
@ -402,7 +414,7 @@ router.delete(
        }
        const deviceId = res.locals.deviceId;
-        const {key} = req.params;
+        const { key } = req.params;
        const result = await kvStore.delete(deviceId, key);
--- a/utils/socket.js
+++ b/utils/socket.js
@ -12,9 +12,9 @@
 * - 令牌信息缓存：在连接时预加载令牌详细信息以提高性能
 */
-import {Server} from "socket.io";
+import { Server } from "socket.io";
-import {PrismaClient} from "@prisma/client";
+import { PrismaClient } from "@prisma/client";
-import {onlineDevicesGauge} from "./metrics.js";
+import { onlineDevicesGauge } from "./metrics.js";
 import DeviceDetector from "node-device-detector";
 import ClientHints from "node-device-detector/client-hints.js";
@ -96,14 +96,16 @@ function detectDeviceName(userAgent, headers = {}) {
 export function initSocket(server) {
    if (io) return io;
    const allowOrigin = process.env.FRONTEND_URL || "*";
    io = new Server(server, {
        cors: {
-            origin: allowOrigin,
+            origin: "*",
-            methods: ["GET", "POST"],
+            methods: 'GET,HEAD,PUT,PATCH,POST,DELETE',
-            credentials: true,
+            allowedHeaders: ["*"],
            credentials: false
        },
        // 传输方式回退策略：优先使用WebSocket,回退到轮询
        transports: ["polling", "websocket"],
    });
    io.on("connection", (socket) => {
@ -132,8 +134,8 @@ export function initSocket(server) {
                const token = payload?.token || payload?.apptoken;
                if (typeof token !== "string" || token.length === 0) return;
                const appInstall = await prisma.appInstall.findUnique({
-                    where: {token},
+                    where: { token },
-                    include: {device: {select: {uuid: true}}},
+                    include: { device: { select: { uuid: true } } },
                });
                const uuid = appInstall?.device?.uuid;
                if (uuid) {
@ -156,11 +158,11 @@ export function initSocket(server) {
        // 获取事件历史记录
        socket.on("get-event-history", (data) => {
            try {
-                const {limit = 50, offset = 0} = data || {};
+                const { limit = 50, offset = 0 } = data || {};
                const uuids = Array.from(socket.data.deviceUuids || []);
                if (uuids.length === 0) {
-                    socket.emit("event-history-error", {reason: "not_joined_any_device"});
+                    socket.emit("event-history-error", { reason: "not_joined_any_device" });
                    return;
                }
@ -182,7 +184,7 @@ export function initSocket(server) {
            } catch (err) {
                console.error("get-event-history error:", err);
-                socket.emit("event-history-error", {reason: "internal_error"});
+                socket.emit("event-history-error", { reason: "internal_error" });
            }
        });
@ -191,35 +193,35 @@ export function initSocket(server) {
            try {
                // 验证数据结构
                if (!data || typeof data !== "object") {
-                    socket.emit("event-error", {reason: "invalid_data_format"});
+                    socket.emit("event-error", { reason: "invalid_data_format" });
                    return;
                }
-                const {type, content} = data;
+                const { type, content } = data;
                // 验证事件类型
                if (typeof type !== "string" || type.trim().length === 0) {
-                    socket.emit("event-error", {reason: "invalid_event_type"});
+                    socket.emit("event-error", { reason: "invalid_event_type" });
                    return;
                }
                // 验证内容格式（必须是对象或null）
                if (content !== null && (typeof content !== "object" || Array.isArray(content))) {
-                    socket.emit("event-error", {reason: "content_must_be_object_or_null"});
+                    socket.emit("event-error", { reason: "content_must_be_object_or_null" });
                    return;
                }
                // 获取当前socket所在的设备房间
                const uuids = Array.from(socket.data.deviceUuids || []);
                if (uuids.length === 0) {
-                    socket.emit("event-error", {reason: "not_joined_any_device"});
+                    socket.emit("event-error", { reason: "not_joined_any_device" });
                    return;
                }
                // 检查只读权限
                const tokenInfo = socket.data.tokenInfo;
                if (tokenInfo?.isReadOnly) {
-                    socket.emit("event-error", {reason: "readonly_token_cannot_send_events"});
+                    socket.emit("event-error", { reason: "readonly_token_cannot_send_events" });
                    return;
                }
@ -227,7 +229,7 @@ export function initSocket(server) {
                const MAX_SIZE = 10240; // 10KB
                const serializedContent = JSON.stringify(content);
                if (serializedContent.length > MAX_SIZE) {
-                    socket.emit("event-error", {reason: "content_too_large", maxSize: MAX_SIZE});
+                    socket.emit("event-error", { reason: "content_too_large", maxSize: MAX_SIZE });
                    return;
                }
@ -274,7 +276,7 @@ export function initSocket(server) {
            } catch (err) {
                console.error("send-event error:", err);
-                socket.emit("event-error", {reason: "internal_error"});
+                socket.emit("event-error", { reason: "internal_error" });
            }
        });
@ -288,10 +290,10 @@ export function initSocket(server) {
            // 清理socket相关缓存
            if (socket.data.currentToken) {
-                // 如果这是该token的最后一个连接，考虑清理缓存
+                // 如果这是该token的最后一个连接,考虑清理缓存
                const tokenSet = onlineTokens.get(socket.data.currentToken);
                if (!tokenSet || tokenSet.size === 0) {
-                    // 可以选择保留缓存一段时间，这里暂时保留
+                    // 可以选择保留缓存一段时间,这里暂时保留
                    // tokenInfoCache.delete(socket.data.currentToken);
                }
            }
@ -320,7 +322,7 @@ function joinDeviceRoom(socket, uuid) {
    set.add(socket.id);
    onlineMap.set(uuid, set);
    // 可选：通知加入
-    io.to(uuid).emit("device-joined", {uuid, connections: set.size});
+    io.to(uuid).emit("device-joined", { uuid, connections: set.size });
 }
 /**
@ -525,7 +527,7 @@ function cleanupDeviceCache(uuid) {
 export function getOnlineDevices() {
    const list = [];
    for (const [token, set] of onlineTokens.entries()) {
-        list.push({token, connections: set.size});
+        list.push({ token, connections: set.size });
    }
    // 默认按连接数降序
    return list.sort((a, b) => b.connections - a.connections);
@ -549,7 +551,7 @@ export default {
 async function joinByToken(socket, token) {
    try {
        const appInstall = await prisma.appInstall.findUnique({
-            where: {token},
+            where: { token },
            include: {
                device: {
                    select: {
@ -606,10 +608,10 @@ async function joinByToken(socket, token) {
                }
            });
        } else {
-            socket.emit("join-error", {by: "token", reason: "invalid_token"});
+            socket.emit("join-error", { by: "token", reason: "invalid_token" });
        }
    } catch (error) {
        console.error("joinByToken error:", error);
-        socket.emit("join-error", {by: "token", reason: "database_error"});
+        socket.emit("join-error", { by: "token", reason: "database_error" });
    }
 }
Author	SHA1	Message	Date
Sunwuyuan	e65f84aa22	feat: 更新CORS配置，允许跨域请求携带凭证和自定义请求头	2025-12-06 13:41:40 +08:00
Sunwuyuan	ab8904b549	feat: 修复POST /:key处理，确保kvStore.upsert操作为异步执行	2025-12-06 13:10:02 +08:00
Sunwuyuan	da633ca5b6	feat: 增强POST /:key处理，支持空值和JSON格式验证	2025-12-06 13:09:00 +08:00
Sunwuyuan	1f68aea39f	Merge branch 'main' of https://github.com/ZeroCatDev/ClassworksKV	2025-12-06 11:54:58 +08:00
Sunwuyuan	b782945674	feat: 更新Socket.IO CORS设置，支持更多HTTP方法	2025-12-06 11:54:41 +08:00
Sunwuyuan	1e1b99a070	feat: 更新Socket.IO初始化配置，优化CORS设置和传输方式	2025-12-06 11:53:57 +08:00