humpback踩坑记录(1)

原创
2020/06/09 14:08
阅读数 180

最近研究安装 humpback ,感觉源代码中存在着满满的恶意。先研究 humpback-web

原来的依赖关系

package.json

{
    "name": "humpback-web",
    "version": "1.0.0",
    "description": "humpback management website",
    "main": "src/server/index.js",
    "scripts": {
        "start": "gulp dev",
        "build": "gulp release"
    },
    "repository": {
        "type": "git",
        "url": "git+https://github.com/humpback/humpback-web.git"
    },
    "keywords": [],
    "author": "",
    "license": "Apache 2.0",
    "bugs": {
        "url": "https://github.com/humpback/humpback-web/issues"
    },
    "homepage": "https://github.com/humpback/humpback-web#readme",
    "dependencies": {
        "body-parser": "^1.17.1",
        "compression": "^1.6.2",
        "console-stamp": "^0.2.5",
        "cookie-parser": "^1.4.3",
        "errorhandler": "^1.5.0",
        "express": "^4.15.2",
        "express-session": "^1.15.1",
        "nedb": "^1.8.0",
        "nedb-session-store": "^1.1.1",
        "uuid": "^3.0.1"
    },
    "devDependencies": {
        "@angular/animations": "^4.0.1",
        "@angular/common": "^4.0.1",
        "@angular/compiler": "^4.0.1",
        "@angular/core": "^4.0.1",
        "@angular/forms": "^4.0.1",
        "@angular/http": "^4.0.1",
        "@angular/platform-browser": "^4.0.1",
        "@angular/platform-browser-dynamic": "^4.0.1",
        "@angular/router": "^4.0.1",
        "@angularclass/resolve-angular-routes": "^1.0.9",
        "@types/core-js": "^0.9.40",
        "@types/jasmine": "^2.5.47",
        "@types/node": "^7.0.12",
        "@types/request": "0.0.39",
        "angular2-template-loader": "^0.6.2",
        "awesome-typescript-loader": "^3.1.2",
        "copy-webpack-plugin": "^4.0.1",
        "core-js": "^2.4.1",
        "css-loader": "^0.26.4",
        "del": "^2.2.2",
        "extract-text-webpack-plugin": "^2.1.0",
        "file-loader": "^0.9.0",
        "gulp": "^3.9.1",
        "gulp-clean-css": "^2.4.0",
        "gulp-develop-server": "^0.5.2",
        "gulp-if": "^2.0.2",
        "gulp-uglify": "^2.1.2",
        "gulp-useref": "^3.1.2",
        "gulp-util": "^3.0.8",
        "html-loader": "^0.4.5",
        "html-webpack-plugin": "^2.28.0",
        "jasmine-core": "^2.5.2",
        "light-reload": "^0.2.0",
        "ng2-select2": "^1.0.0-beta.10",
        "node-notifier": "^4.6.1",
        "progress-bar-webpack-plugin": "^1.9.3",
        "raw-loader": "^0.5.1",
        "reflect-metadata": "^0.1.10",
        "run-sequence": "^1.2.2",
        "rxjs": "^5.2.0",
        "style-loader": "^0.13.2",
        "typescript": "^2.2.2",
        "webpack": "^2.3.2",
        "webpack-merge": "^2.6.1",
        "zone.js": "^0.7.8"
    }
}

运行时发现不支持 node 10以上 ,所以进行升级

package.json

{
    "name": "humpback-web",
    "version": "1.0.0",
    "description": "humpback management website",
    "main": "src/server/index.js",
    "scripts": {
        "start": "gulp dev",
        "build": "gulp release"
    },
    "repository": {
        "type": "git",
        "url": "git+https://github.com/humpback/humpback-web.git"
    },
    "keywords": [],
    "author": "",
    "license": "Apache 2.0",
    "bugs": {
        "url": "https://github.com/humpback/humpback-web/issues"
    },
    "homepage": "https://github.com/humpback/humpback-web#readme",
    "dependencies": {
        "body-parser": "^1.17.1",
        "compression": "^1.6.2",
        "console-stamp": "^0.2.5",
        "cookie-parser": "^1.4.3",
        "errorhandler": "^1.5.0",
        "express": "^4.15.2",
        "express-session": "^1.15.1",
        "nedb": "^1.8.0",
        "nedb-session-store": "^1.1.1",
        "uuid": "^3.0.1"
    },
    "devDependencies": {
        "@angular/animations": "^4.0.1",
        "@angular/common": "^4.0.1",
        "@angular/compiler": "^4.0.1",
        "@angular/core": "^4.0.1",
        "@angular/forms": "^4.0.1",
        "@angular/http": "^4.0.1",
        "@angular/platform-browser": "^4.0.1",
        "@angular/platform-browser-dynamic": "^4.0.1",
        "@angular/router": "^4.0.1",
        "@angularclass/resolve-angular-routes": "^1.0.9",
        "@types/core-js": "^0.9.40",
        "@types/jasmine": "^2.5.47",
        "@types/node": "7.0.32",
        "@types/request": "2.48.5",
        "angular2-template-loader": "^0.6.2",
        "awesome-typescript-loader": "^3.1.2",
        "copy-webpack-plugin": "^4.0.1",
        "core-js": "^2.4.1",
        "css-loader": "^0.26.4",
        "del": "^2.2.2",
        "extract-text-webpack-plugin": "^2.1.0",
        "file-loader": "^0.9.0",
        "gulp": "^4.0.2",
    "gulp-babel": "^8.0.0",
    "gulp-clean": "^0.4.0",
    "gulp-concat": "^2.6.1",
    "gulp-front-matter": "^1.3.0",
    "gulp-gh-pages": "^0.5.4",
    "gulp-if": "^2.0.2",
    "gulp-layout": "0.0.4",
    "gulp-load-plugins": "^1.6.0",
    "gulp-plumber": "^1.2.1",
    "gulp-postcss": "^8.0.0",
    "gulp-sass": "^4.0.2",
    "gulp-sourcemaps": "^2.6.5",
	"gulp-develop-server": "^0.5.2",
	"gulp-uglify": "^2.1.2",
	"gulp-useref": "^3.1.2",
	"gulp-util": "^3.0.8",
	 "gulp-clean-css": "^2.4.0",
        "html-loader": "^0.4.5",
        "html-webpack-plugin": "^2.28.0",
        "jasmine-core": "^2.5.2",
        "light-reload": "^0.2.0",
        "ng2-select2": "^1.0.0-beta.10",
        "node-notifier": "^4.6.1",
        "progress-bar-webpack-plugin": "^1.9.3",
        "raw-loader": "^0.5.1",
        "reflect-metadata": "^0.1.10",
        "gulp4-run-sequence": "^1.0.0",
        "rxjs": "^5.2.0",
        "style-loader": "^0.13.2",
        "typescript": "^2.3.2",
        "webpack": "^2.3.2",
        "webpack-merge": "^2.6.1",
        "zone.js": "^0.7.8"
    }
}

gulp脚本也做了相应改动(为什么我还要写gulp!!!!!),主要是替换使用  gulp4-run-sequence,watch部分使用 gulp.parallel

const gulp = require('gulp');
const del = require('del');
const gutil = require("gulp-util");
const webpack = require("webpack");
const server = require('gulp-develop-server');
const notifier = require('node-notifier');
const runSequence = require('gulp4-run-sequence');
const lightReload = require('light-reload');
const useref = require('gulp-useref');
const gulpif = require('gulp-if');
const uglify = require('gulp-uglify');
const minifyCss = require('gulp-clean-css');

gulp.task('client:prd-build', (callback) => {
  let config = require('./config/webpack.prod.js');
  webpack(config, (err, stats) => {
    showWebpackError(err, stats);
    callback();
  });
});

gulp.task('client:dev-build', () => {
  let config = require('./config/webpack.dev.js');
  let compiler = webpack(config);
  compiler.watch(200, (err, stats) => {
    showWebpackError(err, stats);
    notifier.notify({
      title: 'Humpback-Client',
      message: 'Client build succeed.'
    });
    lightReload.reload();
  });
});

gulp.task('clean', () => {
  return del(['dist/*', '!dist/dbFiles', '!dist/node_modules'], { force: true });
});

gulp.task('server:clean', (callback) => {
  return del(['dist/**/*', '!dist/client'], { force: true });
});

gulp.task('server:copy', () => {
  return gulp.src(['src/server/**'])
    .pipe(gulp.dest('dist/'));
});

gulp.task('server:reload', (callback) => {
  runSequence('server:copy', 'server:restart', callback);
});

gulp.task('server:start', (callback) => {
  lightReload.init();
  server.listen({ path: 'dist/index.js' }, err => {
    if (err) console.log('listen', err);
  });
  callback();
});

gulp.task('server:restart', (callback) => {
  server.restart(err => {
    if (err) console.log('restart', err);
    notifier.notify({
      title: 'Humpback-Server',
      message: 'Server restarted.'
    });
  });
  callback();
});

gulp.task('server:watch', () => {
  return gulp.watch(['src/server/**/*.js'], gulp.parallel('server:reload'));
});

gulp.task('release:html', () => {
  return gulp.src('dist/client/index.html')
    .pipe(useref())
    .pipe(gulpif('*.js', uglify()))
    .pipe(gulpif('*.css', minifyCss()))
    .pipe(gulp.dest('dist/client'));
});

gulp.task('release:clean-unused-file', () => {
  let rootPath = 'dist/client/static';
  return del([
    `${rootPath}/**/*.css`,
    `${rootPath}/**/*.js`,
    `!${rootPath}/vendor/css/vendor.min.css`,
    `!${rootPath}/vendor/js/vendor.min.js`,
    `!${rootPath}/css/site.min.css`,
    `!${rootPath}/js/site.min.js`
  ], { force: true });
});

gulp.task('dev', (callback) => {
  runSequence(
    'clean',
    'server:copy',
    'server:start',
    'server:watch',
    'client:dev-build',
    callback);
});

gulp.task('release', (callback) => {
  runSequence(
    'clean',
    'server:copy',
    'client:prd-build',
    'release:html',
    'release:clean-unused-file',
    callback);
});

let showWebpackError = (err, stats) => {
  if (err) {
    throw new gutil.PluginError('webpack', err);
  }
  gutil.log("[webpack:build-dev]", stats.toString({
    colors: true,
    hash: false,
    timings: true,
    chunks: true,
    chunkModules: false,
    modules: false,
    children: false,
    version: true,
    cached: true,
    cachedAssets: true,
    reasons: false,
    source: false,
    errorDetails: false
  }));
};

原来的 Dockerfile

FROM node:8.11-alpine

MAINTAINER Bob Liu <Bobliu0909@gmail.com>

ADD humpback-web /humpback-web

WORKDIR /humpback-web

CMD ["node", "index.js"]

明显是假的, npm install 都没有 ,折腾了一番以后改成

FROM node:14.0.0-alpine

MAINTAINER Bob Liu <Bobliu0909@gmail.com>

ADD dist /humpback-web
ADD node_modules /humpback-web/node_modules

WORKDIR /humpback-web

CMD ["node", "index.js"]

构建脚本

git config --global url."https://".insteadOf git://
npm config set sass_binary_site=https://npm.taobao.org/mirrors/node-sass/
npm config set registry http://registry.npm.taobao.org/
npm install --unsafe-perm
npm run build
docker build --no-cache -t docker-web .
docker tag docker-web registry.cn-hangzhou.aliyuncs.com/xx/docker-web
docker push  registry.cn-hangzhou.aliyuncs.com/xx/docker-web

按原启动方法运行还OK。

展开阅读全文
打赏
0
0 收藏
分享
加载中
更多评论
打赏
0 评论
0 收藏
0
分享
返回顶部
顶部