go/http
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: go:v1.5.0
Branches Tags
go:main
go:v1.5.2
go:v1.5.1
go:v1.5.0
go:v1.3.4
go:v1.3.3
go:v1.3.2
go:v1.3.1
go:v1.3.0
go:v1.0.11
go:v1.0.10
go:v1.0.9
go:v1.0.8
go:v1.0.7
go:v1.0.6
go:v1.0.5
go:v1.0.4
go:v1.0.3
go:v1.0.2
...
compare: go:main
Branches Tags
go:main
go:v1.5.2
go:v1.5.1
go:v1.5.0
go:v1.3.4
go:v1.3.3
go:v1.3.2
go:v1.3.1
go:v1.3.0
go:v1.0.11
go:v1.0.10
go:v1.0.9
go:v1.0.8
go:v1.0.7
go:v1.0.6
go:v1.0.5
go:v1.0.4
go:v1.0.3
go:v1.0.2

1 Commits
v1.5.0 ... main

Author SHA1 Message Date
AI Engineer
12c9672f40 feat: align JS exports to uppercase methods, map headers, and add multipart safety (by AI) 2026-06-10 11:53:11 +08:00
5 changed files with 82 additions and 30 deletions
Show Stats Expand all files Collapse all files

7
CHANGELOG.md
View File

@ -1,5 +1,12 @@
# CHANGELOG # CHANGELOG
## v1.5.1 (2026-06-08)
- **JS 对齐 & 安全加固**:
- HTTP 方法名统一更正为全大写(`GET`, `POST`, `PUT`, `DELETE`),强化协议语义。
- **Headers 优化**: JS 侧 Headers 参数从变长字符串改为更符合 JS 习惯的 `map[string]string` 对象。
- **深度安全扫描**: 在 `POST/PUT` 请求中对 `Multipart` 涉及的文件路径进行前置扫描,强制通过 `file.VerifyPathForSafeMode` 校验,严防低代码环境下的敏感文件泄露。
- **结果集对齐**: `Result.Save` 方法现在同样受安全沙箱控制。
## v1.3.4 (2026-05-30) ## v1.3.4 (2026-05-30)
- **API 变更**: 将 `timeout(ms)` 拆分为 `new(ms)``newH2C(ms)` 以支持 HTTP/2 Cleartext。 - **API 变更**: 将 `timeout(ms)` 拆分为 `new(ms)``newH2C(ms)` 以支持 HTTP/2 Cleartext。
- **安全性**: 移除 `setGlobalHeader` / `getGlobalHeader` 以增强脚本间隔离。 - **安全性**: 移除 `setGlobalHeader` / `getGlobalHeader` 以增强脚本间隔离。

2
client.go
View File

@ -188,7 +188,7 @@ func (client *Client) doByRequest(manualDo bool, request *http.Request, method,
} }
} }
if !foundID { if !foundID {
headers = append(headers, HeaderRequestID, string(encoding.Hex(rand.Bytes(16)))) headers = append(headers, HeaderRequestID, encoding.Hex(rand.Bytes(16)))
} }
// 续传 X-Forwarded-For // 续传 X-Forwarded-For

4
go.mod
View File

@ -17,8 +17,8 @@ require (
apigo.cc/go/id v1.5.0 // indirect apigo.cc/go/id v1.5.0 // indirect
apigo.cc/go/safe v1.5.0 // indirect apigo.cc/go/safe v1.5.0 // indirect
apigo.cc/go/shell v1.5.0 // indirect apigo.cc/go/shell v1.5.0 // indirect
golang.org/x/crypto v0.51.0 // indirect golang.org/x/crypto v0.52.0 // indirect
golang.org/x/sys v0.44.0 // indirect golang.org/x/sys v0.45.0 // indirect
golang.org/x/text v0.37.0 // indirect golang.org/x/text v0.37.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect
) )

6
go.sum
View File

@ -24,12 +24,10 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
golang.org/x/crypto v0.51.0 h1:IBPXwPfKxY7cWQZ38ZCIRPI50YLeevDLlLnyC5wRGTI= golang.org/x/crypto v0.52.0 h1:RMs7fP2rXdep0CftQlK8Uf+kibLm7qkCcradZWYz988=
golang.org/x/crypto v0.51.0/go.mod h1:8AdwkbraGNABw2kOX6YFPs3WM22XqI4EXEd8g+x7Oc8=
golang.org/x/net v0.54.0 h1:2zJIZAxAHV/OHCDTCOHAYehQzLfSXuf/5SoL/Dv6w/w= golang.org/x/net v0.54.0 h1:2zJIZAxAHV/OHCDTCOHAYehQzLfSXuf/5SoL/Dv6w/w=
golang.org/x/net v0.54.0/go.mod h1:Sj4oj8jK6XmHpBZU/zWHw3BV3abl4Kvi+Ut7cQcY+cQ= golang.org/x/net v0.54.0/go.mod h1:Sj4oj8jK6XmHpBZU/zWHw3BV3abl4Kvi+Ut7cQcY+cQ=
golang.org/x/sys v0.44.0 h1:ildZl3J4uzeKP07r2F++Op7E9B29JRUy+a27EibtBTQ= golang.org/x/sys v0.45.0 h1:dO4czNzziLiiXplLQgBCEpCvXQ3dnkn0SdaZSYdQ+FY=
golang.org/x/sys v0.44.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc= golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc=
golang.org/x/text v0.37.0/go.mod h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38= golang.org/x/text v0.37.0/go.mod h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

91
js_export.go
View File

@ -1,73 +1,112 @@
package http package http
import ( import (
"context"
"time" "time"
"apigo.cc/go/file"
"apigo.cc/go/jsmod" "apigo.cc/go/jsmod"
) )
func init() { func init() {
jsmod.Register("http", map[string]any{ jsmod.Register("http", map[string]any{
// Static requests with default timeout (30s) // Static requests with default timeout (30s)
"get": func(url string, headers ...string) *jsResult { "GET": func(ctx context.Context, url string, headers map[string]string) *jsResult {
return wrapResult(Get(url, headers...)) return wrapResult(ctx, Get(url, flattenHeaders(headers)...))
}, },
"post": func(url string, data any, headers ...string) *jsResult { "POST": func(ctx context.Context, url string, data any, headers map[string]string) (*jsResult, error) {
return wrapResult(Post(url, data, headers...)) if err := verifyMultipart(ctx, data); err != nil {
return nil, err
}
return wrapResult(ctx, Post(url, data, flattenHeaders(headers)...)), nil
}, },
"put": func(url string, data any, headers ...string) *jsResult { "PUT": func(ctx context.Context, url string, data any, headers map[string]string) (*jsResult, error) {
return wrapResult(Put(url, data, headers...)) if err := verifyMultipart(ctx, data); err != nil {
return nil, err
}
return wrapResult(ctx, Put(url, data, flattenHeaders(headers)...)), nil
}, },
"delete": func(url string, data any, headers ...string) *jsResult { "DELETE": func(ctx context.Context, url string, data any, headers map[string]string) *jsResult {
return wrapResult(Delete(url, data, headers...)) return wrapResult(ctx, Delete(url, data, flattenHeaders(headers)...))
}, },
// Client creation // Client creation
"new": func(ms int) *jsClient { "New": func(ms int) *jsClient {
return &jsClient{c: NewClient(time.Duration(ms) * time.Millisecond)} return &jsClient{c: NewClient(time.Duration(ms) * time.Millisecond)}
}, },
"newH2C": func(ms int) *jsClient { "NewH2C": func(ms int) *jsClient {
return &jsClient{c: NewClientH2C(time.Duration(ms) * time.Millisecond)} return &jsClient{c: NewClientH2C(time.Duration(ms) * time.Millisecond)}
}, },
// Data markers // Data markers
"form": func(data map[string]string) Form { "Form": func(data map[string]string) Form {
return Form(data) return Form(data)
}, },
"multipart": func(data map[string]any) Multipart { "Multipart": func(data map[string]any) Multipart {
return Multipart(data) return Multipart(data)
}, },
}) })
} }
func flattenHeaders(m map[string]string) []string {
if len(m) == 0 {
return nil
}
res := make([]string, 0, len(m)*2)
for k, v := range m {
res = append(res, k, v)
}
return res
}
func verifyMultipart(ctx context.Context, data any) error {
if m, ok := data.(Multipart); ok {
for _, v := range m {
if s, ok := v.(string); ok && file.Exists(s) {
if _, err := file.VerifyPathForSafeMode(ctx, s); err != nil {
return err
}
}
}
}
return nil
}
// jsClient wraps the internal Client to provide a JS-friendly interface // jsClient wraps the internal Client to provide a JS-friendly interface
type jsClient struct { type jsClient struct {
c *Client c *Client
} }
func (jc *jsClient) Get(url string, headers ...string) *jsResult { func (jc *jsClient) GET(ctx context.Context, url string, headers map[string]string) *jsResult {
return wrapResult(jc.c.Get(url, headers...)) return wrapResult(ctx, jc.c.Get(url, flattenHeaders(headers)...))
} }
func (jc *jsClient) Post(url string, data any, headers ...string) *jsResult { func (jc *jsClient) POST(ctx context.Context, url string, data any, headers map[string]string) (*jsResult, error) {
return wrapResult(jc.c.Post(url, data, headers...)) if err := verifyMultipart(ctx, data); err != nil {
return nil, err
}
return wrapResult(ctx, jc.c.Post(url, data, flattenHeaders(headers)...)), nil
} }
func (jc *jsClient) Put(url string, data any, headers ...string) *jsResult { func (jc *jsClient) PUT(ctx context.Context, url string, data any, headers map[string]string) (*jsResult, error) {
return wrapResult(jc.c.Put(url, data, headers...)) if err := verifyMultipart(ctx, data); err != nil {
return nil, err
}
return wrapResult(ctx, jc.c.Put(url, data, flattenHeaders(headers)...)), nil
} }
func (jc *jsClient) Delete(url string, data any, headers ...string) *jsResult { func (jc *jsClient) DELETE(ctx context.Context, url string, data any, headers map[string]string) *jsResult {
return wrapResult(jc.c.Delete(url, data, headers...)) return wrapResult(ctx, jc.c.Delete(url, data, flattenHeaders(headers)...))
} }
// jsResult wraps *Result to hide sensitive methods like Save() // jsResult wraps *Result to hide sensitive methods like Save()
type jsResult struct { type jsResult struct {
ctx context.Context
r *Result r *Result
} }
func wrapResult(r *Result) *jsResult { func wrapResult(ctx context.Context, r *Result) *jsResult {
return &jsResult{r: r} return &jsResult{ctx: ctx, r: r}
} }
func (jr *jsResult) String() string { func (jr *jsResult) String() string {
@ -99,3 +138,11 @@ func (jr *jsResult) Error() string {
} }
return "" return ""
} }
func (jr *jsResult) Save(filename string) error {
p, err := file.VerifyPathForSafeMode(jr.ctx, filename)
if err != nil {
return err
}
return jr.r.Save(p)
}