
Research
/Security News
11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windows Host-Surveillance Payload
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.
egg-qeelyn-framework
Advanced tools
基于eggjs整理了一套服务端框架
npm i egg-qeelyn-framework --S
再package.json中增加
{
...
"egg": {
"framework": "egg-qeelyn-framework"
},
...
}
使用 vs code 开发 建议安装插件eggjs
框架controllser是前端模块配合调用的api接口层,主要用处理公共头部的接口、spm的创建接口、用户注销的logout接口,当然也可以自行实现
路由配置即可使用。 (copy过去就可以了)
// 前端公共部分ui的api
router.post('/qeelyn-framework/usercenter-api', controller.qeelynFrameworkApi.ucenterApi);
// 注销api
router.get('/qeelyn-framework/logout', controller.qeelynFrameworkApi.logout);
// 前端日志记录使用
router.get('/qeelyn-framework/log', controller.qeelynFrameworkApi.log);
// spm生产api spm的使用需要配置redis
router.post('/qeelyn-framework/spm', controller.qeelynFrameworkApi.spm);
规范 输出和某种特定请求的获取
具体内容说明在对应文件中可以查看
//规范输出
ctx.helper.jsonResult(data, error)
ctx.helper.errorOut(errors)
//特殊格式获取
ctx.helper.getQueryData(query, method)
//日志的json输出 (目前废弃)
ctx.logger
//真实ip获取 会获取代理中的x-forwarded-for
ctx.xip
//处理生成reqId
ctx.reqId
middleware是和路由配合,在子系统的路由中调用。主要处理api的jwt验证、spm的用户服务、记录request log、防重、防串改签名验证
jwt验证需要一个 rsa_pub.pem 的解密文件 放在子系统的app目录下
在路由中使用 具体内容说明在对应文件中可以查看
// 用于api处理
const qeelynApiAuth = app.middleware.qeelynApiAuth(),
qeelynValidSign = app.middleware.qeelynValidSign(),
qeelynLog = app.middleware.qeelynLog();
router.post('/api/xxx',qeelynValidSign, qeelynLog, qeelynApiAuth, controller.api.api);
// 用于页面路由处理
const qeelynSpmAuth = app.middleware.qeelynSpmAuth(),
qeelynPageAuth = app.middleware.qeelynPageAuth();
router.get('/*',qeelynSpmAuth, qeelynPageAuth, controller.home.index);
框架service提供一些可以给系统调用的service 主要有 统一的qeelyn服务端模拟http请求、邮件发送、用户登陆和信息查询服务、spm服务
具体内容说明在对应文件中可以查看
//举了个例子
const body = await this.service.qeelynSpmClient.createSpm();
配置文件 config.default.js 具体已再文件内备注好
//针对自己的系统定义一个appCode(必须配置)
config.appCode = '';
//发送邮件需要配置
config.mailer={};
可参考eggjs的单元测试 本项目的单元测试目录在test下,运行如下代码可以进行单元测试:
npm run test-local xxxx(代表test对应目录文件)
npm run test-local test/service/qeelynSpmClient.test.js
运行时需要再test\fixtures\example\config增加config.unittest.js和rsa_pub.pem
'use strict';
const path = require('path');
module.exports = appInfo => {
const config = {};
config.keys = appInfo.name + '_v1.0.0';
config.appCode = 'unittest';
config.publicKeyPath = path.join(appInfo.baseDir, 'config/rsa_pub.pem');
config.api = {
deoGateway: '',
ucenterAuth: '',
};
config.pageConfig = {
loginUrl: '',
ucenterHost: ''
};
config.cache = {
redis: {
port: 6379,
host: '127.0.0.1',
db: 0,
},
};
config.orgId = 0;
config.token = '';
config.refreshToken = '';
config.authData = {
account: '',
password: '',
headers: {
'User-Agent': '',
Referer: ''
}
};
return config;
};
解析jwt的文件
FAQs
eggjs qeelyn framework
We found that egg-qeelyn-framework demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.

Research
/Security News
4 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.