feat: [destr] 增加destr方法用于解析JSON

IceyWu · IceyWu · commit fc088bd46fa6 · 2024-07-29T16:23:20.000+08:00
diff --git a/src/tools/destr.ts b/src/tools/destr.ts
@@ -0,0 +1,154 @@
+const suspectProtoRx
+  = /"(?:_|\\u0{2}5[Ff]){2}(?:p|\\u0{2}70)(?:r|\\u0{2}72)(?:o|\\u0{2}6[Ff])(?:t|\\u0{2}74)(?:o|\\u0{2}6[Ff])(?:_|\\u0{2}5[Ff]){2}"\s*:/
+const suspectConstructorRx
+  = /"(?:c|\\u0063)(?:o|\\u006[Ff])(?:n|\\u006[Ee])(?:s|\\u0073)(?:t|\\u0074)(?:r|\\u0072)(?:u|\\u0075)(?:c|\\u0063)(?:t|\\u0074)(?:o|\\u006[Ff])(?:r|\\u0072)"\s*:/
+// eslint-disable-next-line
+const JsonSigRx = /^\s*["[{]|^\s*-?\d{1,16}(\.\d{1,17})?(E[+-]?\d+)?\s*$/i
+
+function jsonParseTransform(key: string, value: any): any {
+  if (
+    key === '__proto__'
+    || (key === 'constructor'
+    && value
+    && typeof value === 'object'
+    && 'prototype' in value)
+  ) {
+    warnKeyDropped(key)
+    return
+  }
+  return value
+}
+
+function warnKeyDropped(key: string): void {
+  console.warn(`[destr] Dropping "${key}" key to prevent prototype pollution.`)
+}
+
+export interface Options {
+  strict?: boolean
+  customVal?: any
+}
+/**
+ * @description A faster, secure and convenient alternative for `JSON.parse`
+ * @param  value The value to be parsed
+ * @param  options The options
+ * @returns parsed value
+ * @category tools
+ * @example
+ * ```
+ * // Returns "[foo"
+ * destr("[foo");
+ * // Return is not valid JSON
+ * Json.parse("[foo")
+ * ```
+ */
+export function destr<T = unknown>(value: any, options: Options = {}): T {
+  if (typeof value !== 'string') {
+    return value
+  }
+
+  const _value = value.trim()
+  if (
+
+    value[0] === '"'
+    && value.endsWith('"')
+    && !value.includes('\\')
+  ) {
+    return _value.slice(1, -1) as T
+  }
+
+  if (_value.length <= 9) {
+    const _lval = _value.toLowerCase()
+    if (_lval === 'true') {
+      return true as T
+    }
+    if (_lval === 'false') {
+      return false as T
+    }
+    if (_lval === 'undefined') {
+      return undefined as T
+    }
+    if (_lval === 'null') {
+      return null as T
+    }
+    if (_lval === 'nan') {
+      return Number.NaN as T
+    }
+    if (_lval === 'infinity') {
+      return Number.POSITIVE_INFINITY as T
+    }
+    if (_lval === '-infinity') {
+      return Number.NEGATIVE_INFINITY as T
+    }
+  }
+
+  if (!JsonSigRx.test(value)) {
+    if (options.customVal !== undefined) {
+      return options.customVal as T
+    }
+    if (options.strict) {
+      throw new SyntaxError('[destr] Invalid JSON')
+    }
+    return value as T
+  }
+
+  try {
+    if (suspectProtoRx.test(value) || suspectConstructorRx.test(value)) {
+      if (options.customVal !== undefined) {
+        return options.customVal as T
+      }
+      if (options.strict) {
+        throw new Error('[destr] Possible prototype pollution')
+      }
+      return JSON.parse(value, jsonParseTransform)
+    }
+    return JSON.parse(value)
+  }
+  catch (error) {
+    if (options.customVal !== undefined) {
+      return options.customVal as T
+    }
+    if (options.strict) {
+      throw error
+    }
+    return value as T
+  }
+}
+/**
+ * @description A faster, secure and convenient alternative for `JSON.parse`
+ * @param  value The value to be parsed
+ * @param  options The options
+ * @returns parsed value
+ * @category tools
+ * @example
+ * ```
+ * // Throws an error
+ * safeDestr("[foo");
+ * // Return is not valid JSON
+ * Json.parse("[foo")
+ * ```
+ */
+export function safeDestr<T = unknown>(value: any, options: Options = {}): T {
+  return destr<T>(value, { ...options, strict: true })
+}
+
+/**
+ * @description A faster, secure and convenient alternative for `JSON.parse`
+ * @param  value The value to be parsed
+ * @param  options The options
+ * @returns parsed value
+ * @category tools
+ * @example
+ * ```
+ * // Returns "defaultVal"
+ * customDestr<string>("[foo", { customVal: "defaultVal" });
+ * // Return is not valid JSON
+ * Json.parse("[foo")
+ * ```
+ */
+export function customDestr<T = unknown>(value: any, options: Options = {}): T {
+  if (options.customVal === undefined)
+    return destr<T>(value, { ...options, customVal: null })
+  return destr<T>(value, { ...options })
+}
+
+export default destr
diff --git a/src/tools/index.ts b/src/tools/index.ts
@@ -1,93 +1,10 @@
-/**
- * @description 获取文件类型
- * @param url 文件地址
- * @returns { image, video, pdf, document, audio, zip, excel, ppt, code, executable, presentation, other }
- */
+import other from './other'
+import destr from './destr'
 
-export function getFileType(url: string): string {
-  if (!url)
-    return 'other'
-  const fileTypes: { [key: string]: string[] } = {
-    image: ['jpg', 'jpeg', 'png', 'gif', 'webp', 'svg'],
-    video: ['mp4', 'avi', 'mov'],
-    pdf: ['pdf'],
-    document: ['doc', 'docx', 'txt'],
-    audio: ['mp3', 'wav', 'ogg'],
-    zip: ['zip', 'rar', '7z'],
-    excel: ['xls', 'xlsx', 'csv'],
-    ppt: ['ppt', 'pptx'],
-    code: ['js', 'html', 'css', 'java', 'cpp', 'py'],
-    executable: ['exe', 'msi'],
-    presentation: ['key'],
-  }
-  const fileExtension = url.split('.').pop()?.toLowerCase()
-  for (const fileType in fileTypes) {
-    if (fileTypes[fileType].includes(fileExtension!))
-      return fileType
-  }
-  return 'other'
-}
-
-/**
- * @description 格式化数字，添加千位分隔符
- * @param num 数字
- * @returns { string } string:格式化后的数字
- */
-export function formatNumber(num: number): string {
-  return num.toString().replace(/\B(?=(\d{3})+(?!\d))/g, ',')
-}
-
-/**
- * @description 生成指定长度的随机字符串
- * @param length 长度
- * @returns { string } string:随机字符串
- */
-export function randomString(length: number): string {
-  const characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
-  let result = ''
-  for (let i = 0; i < length; i++)
-    result += characters.charAt(Math.floor(Math.random() * characters.length))
-  return result
-}
-
-/**
- * @description 防抖函数
- * @param func 函数
- * @param delay 延迟时间
- * @returns { Function } Function:防抖函数
- */
-export function debounce(func: Function, delay: number): Function {
-  let timer: NodeJS.Timeout
-  return function (this: any, ...args: any[]) {
-    clearTimeout(timer)
-    timer = setTimeout(() => {
-      func.apply(this, args)
-    }, delay)
-  }
-}
+export * from './other'
+export * from './destr'
 
-/**
- * @description 节流函数
- * @param func 函数
- * @param delay 延迟时间
- * @returns { Function } Function:节流函数
- */
-export function throttle(func: Function, delay: number): Function {
-  let timer: NodeJS.Timeout
-  let lastExecTime = 0
-  return function (this: any, ...args: any[]) {
-    const currentTime = Date.now()
-    const remainingTime = delay - (currentTime - lastExecTime)
-    clearTimeout(timer)
-    if (remainingTime <= 0) {
-      func.apply(this, args)
-      lastExecTime = currentTime
-    }
-    else {
-      timer = setTimeout(() => {
-        func.apply(this, args)
-        lastExecTime = Date.now()
-      }, remainingTime)
-    }
-  }
+export const UTools = {
+  ...other,
+  ...destr,
 }
diff --git a/src/tools/other.ts b/src/tools/other.ts
@@ -0,0 +1,102 @@
+/**
+ * @description 获取文件类型
+ * @param url 文件地址
+ * @returns { image, video, pdf, document, audio, zip, excel, ppt, code, executable, presentation, other }
+ */
+
+export function getFileType(url: string): string {
+  if (!url)
+    return 'other'
+  const fileTypes: { [key: string]: string[] } = {
+    image: ['jpg', 'jpeg', 'png', 'gif', 'webp', 'svg'],
+    video: ['mp4', 'avi', 'mov'],
+    pdf: ['pdf'],
+    document: ['doc', 'docx', 'txt'],
+    audio: ['mp3', 'wav', 'ogg'],
+    zip: ['zip', 'rar', '7z'],
+    excel: ['xls', 'xlsx', 'csv'],
+    ppt: ['ppt', 'pptx'],
+    code: ['js', 'html', 'css', 'java', 'cpp', 'py'],
+    executable: ['exe', 'msi'],
+    presentation: ['key'],
+  }
+  const fileExtension = url.split('.').pop()?.toLowerCase()
+  for (const fileType in fileTypes) {
+    if (fileTypes[fileType].includes(fileExtension!))
+      return fileType
+  }
+  return 'other'
+}
+
+/**
+ * @description 格式化数字，添加千位分隔符
+ * @param num 数字
+ * @returns { string } string:格式化后的数字
+ */
+export function formatNumber(num: number): string {
+  return num.toString().replace(/\B(?=(\d{3})+(?!\d))/g, ',')
+}
+
+/**
+ * @description 生成指定长度的随机字符串
+ * @param length 长度
+ * @returns { string } string:随机字符串
+ */
+export function randomString(length: number): string {
+  const characters
+    = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
+  let result = ''
+  for (let i = 0; i < length; i++)
+    result += characters.charAt(Math.floor(Math.random() * characters.length))
+  return result
+}
+
+/**
+ * @description 防抖函数
+ * @param func 函数
+ * @param delay 延迟时间
+ * @returns { Function } Function:防抖函数
+ */
+export function debounce(func: Function, delay: number): Function {
+  let timer: NodeJS.Timeout
+  return function (this: any, ...args: any[]) {
+    clearTimeout(timer)
+    timer = setTimeout(() => {
+      func.apply(this, args)
+    }, delay)
+  }
+}
+
+/**
+ * @description 节流函数
+ * @param func 函数
+ * @param delay 延迟时间
+ * @returns { Function } Function:节流函数
+ */
+export function throttle(func: Function, delay: number): Function {
+  let timer: NodeJS.Timeout
+  let lastExecTime = 0
+  return function (this: any, ...args: any[]) {
+    const currentTime = Date.now()
+    const remainingTime = delay - (currentTime - lastExecTime)
+    clearTimeout(timer)
+    if (remainingTime <= 0) {
+      func.apply(this, args)
+      lastExecTime = currentTime
+    }
+    else {
+      timer = setTimeout(() => {
+        func.apply(this, args)
+        lastExecTime = Date.now()
+      }, remainingTime)
+    }
+  }
+}
+
+export default {
+  getFileType,
+  formatNumber,
+  randomString,
+  debounce,
+  throttle,
+}
