Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
j-spring-mvc
Advanced tools
Readme
源码:j-spring 轻量级的IOC库. 源码:j-spring-mvc 基于j-spring和express的WEB框架。
j-spring-mvc就是换了壳的express,这个项目并没有重复创建轮子,只是对喜欢express的人提供了更多的选择。对于java程序员,肯定能闻到熟悉的配方和味道。
对于Node上面的WEB框架,我最喜欢的还是Express。
优点:
缺点:
j-spring 提供IOC和AOP的能力,把express进行模块化的封装。
代码会在过后的几个章节进行描述,其实也不多,毕竟只是加了一层壳。
//1.springmvc 配置
const SpringMvcModule = [
SpringMvcStarter, //web启动器
ExpressAppEnhanceBeanProcessor, // express配置后置处理器
ControllerBeanProcessor, // 控制器后置处理器
SpringParamterBeanPostProcessor]; // 参数反射后置处理器 用于处理@RequestPram之类的
//2.express 配置
const springMvcConfig = [
EjsViewConfigruation,// ejs视图配置
ExpressMemorySessionConfiguration // 内存session配置
]
//3.控制器
const controllerClassList = [
StudentController, //学生路由控制器
XiaoAiController //测试
]
spring.bindModule([
SpringMvcModule,
springMvcConfig,
controllerClassList])
.loadConfig({'indexMsg':'j-spring','root':__dirname}) //加载配置
.invokeStarter();//调用启动器
这里看到配置很多,主要是为了展示整个运行过程。其实1和2都可以放到j-spring-mvc里面作为默认配置一把到导出的。 例如
const SpringMvcBaseModule = [...SpringMvcModule,...springMvcConfig]
spring.bindModule([SpringMvcBaseModule,controllerClassList]).loadConfig({...}).invokeStarter();
如果需要更换其中一个配置,就只需要使用j-spring的repalceClass方法即可。例如将session交由mysql存储,更换指定配置即可。
spring.bindModule([SpringMvcBaseModule,controllerClassList])
.replaceClass(ExpressMemorySessionConfiguration,ExpressMysqlSeesionConfiguration) //更换依赖即可
只要继承ExpressConfiguration接口即可。这样该配置就可以使用j-spring容器的能力,包括自动注入和装配。你可以写无限多个配置类,然后统一在yaml里面编写配置参数即可。
/**
* ejs页面配置
*/
@Component
export class EjsViewConfigruation implements ExpressConfiguration {
@Value({path:'root',type:String})
root:string;
@Value({path:'express.viewPath',type:String,force:false})
viewPath:string = 'view';
load(app: any): void {
app.set('views', path.join(this.root,this.viewPath));
app.set('view engine', 'ejs');
}
isExpressConfiguration(): boolean {
return true;
}
}
//spring.bind(EjsViewConfigruation) 即可
是不是熟悉的味道,嘿嘿。最大程度的还原了springMvc的编码风格。
//定义控制器
@Controller('/student')
export class StudentController {
@Autowired({clazz:StudentServiceImpl})
service:StudentService;
//页面渲染
@Get()
async index(){
return ['index.ejs',{msg:'hello world'}]
}
//接口返回
@Get('/getStudentInfo/:id')
@ResponseBody()
async getStudentInfo(
@PathVariable('id') id:string,
@RequestParam('name') name:string){
return {id,name}
}
@Get()
@ResponseBody()
async addSessionName(@Param('session') session:any){
session['name'] = 'xiaoAi'
return {msg:'add success!'}
}
}
//定义中间件1
@Component
class XiaoAiMustBeExist implements ExpressMiddleWare {
isExpressMidldleWare(): boolean {
return true;
}
invoke(req: any, res: any, next: Function): void {
if(! req.session?.name){
throw `xiaoai must be exist!`
}
next();
}
}
//定义中间件2
@Component
class OtherMiddleWare implements ExpressMiddleWare {...}
@Controller('xiaoai')
@ApiMiddleWare([XiaoAiMustBeExist])
export class XiaoAiController {
@Get()
@ResponseBody()
@MiddleWare([OtherMiddleWare])
async getXiaoAiName(@SessionAttribute('name') name:string){
return {name}
}
}
到这里j-spring-mvc就完成了,因为底层还是express,所以运行的还是相当稳定的。
j-spring-mvc包含了的优点以及优化了不足。
FAQs
源码:[j-spring](https://github.com/892280082/j-spring) 轻量级的IOC库. 源码:[j-spring-mvc](https://github.com/892280082/j-spring-mvc) 基于j-spring和express的WEB框架。
The npm package j-spring-mvc receives a total of 8 weekly downloads. As such, j-spring-mvc popularity was classified as not popular.
We found that j-spring-mvc demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.