🐛 修正订阅脚本的静默更新与 connect 权限逻辑 (#1201)

* 修正 Subscribe 的 Script 的 静默更新

* lint

* 🐛 修正订阅脚本的静默更新与 connect 权限逻辑

根据文档设计，订阅脚本应始终静默更新，不受「非重要变更静默更新脚本」
开关控制；订阅下脚本的 connect 权限完全由订阅的 connect 覆盖。

- subscribe.ts: 订阅本身更新去掉 toggle 依赖，始终静默（除非 connect 变化）
- script.ts: 订阅下脚本更新始终静默，不检查 toggle 和 connect
- gm_api.ts: 运行时 GM_xmlhttpRequest/GM_cookie 的 connect 权限使用订阅声明的覆盖
- utils.ts: 简化 checkSilenceUpdate，移除不再需要的 subscribeMetadata 参数

---------

Co-authored-by: 王一之 <yz@ggnb.top>

Author: cyfung1031

src/app/service/service_worker/gm_api/gm_api.ts

@@ -1,6 +1,7 @@
 import LoggerCore from "@App/app/logger/core";
 import Logger from "@App/app/logger/logger";
 import { ScriptDAO } from "@App/app/repo/scripts";
+import { SubscribeDAO } from "@App/app/repo/subscribe";
 import { type IGetSender, type Group, GetSenderType } from "@Packages/message/server";
 import type { ExtMessageSender, MessageSend, TMessageCommAction } from "@Packages/message/types";
 import { connect, sendMessage } from "@Packages/message/client";
@@ -236,6 +237,7 @@ export default class GMApi {
   logger: Logger;
 
   scriptDAO: ScriptDAO = new ScriptDAO();
+  subscribeDAO: SubscribeDAO = new SubscribeDAO();
 
   constructor(
     private systemConfig: SystemConfig,
@@ -273,6 +275,13 @@ export default class GMApi {
     if (!script) {
       throw new Error("script is not found");
     }
+    // 订阅脚本的 connect 使用订阅声明的 connect 覆盖脚本自身的
+    if (script.subscribeUrl) {
+      const subscribe = await this.subscribeDAO.get(script.subscribeUrl);
+      if (subscribe?.metadata?.connect) {
+        script.metadata = { ...script.metadata, connect: subscribe.metadata.connect };
+      }
+    }
     return { ...data, script } as GMApiRequest<T>;
   }
 

src/app/service/service_worker/gm_api/gm_api_subscribe.test.ts

@@ -0,0 +1,121 @@
+import { describe, it, expect, beforeEach } from "vitest";
+import { ScriptDAO, SCRIPT_TYPE_NORMAL, SCRIPT_STATUS_ENABLE, SCRIPT_RUN_STATUS_COMPLETE } from "@App/app/repo/scripts";
+import type { Script } from "@App/app/repo/scripts";
+import { SubscribeDAO, SUBSCRIBE_STATUS_ENABLE } from "@App/app/repo/subscribe";
+import type { Subscribe } from "@App/app/repo/subscribe";
+import type { SCMetadata } from "@App/app/repo/metadata";
+import GMApi, { MockGMExternalDependencies } from "./gm_api";
+import { initTestEnv } from "@Tests/utils";
+import { MockMessage } from "@Packages/message/mock_message";
+import { Server } from "@Packages/message/server";
+import EventEmitter from "eventemitter3";
+import { MessageQueue } from "@Packages/message/message_queue";
+import { SystemConfig } from "@App/pkg/config/config";
+import PermissionVerify from "../permission_verify";
+
+initTestEnv();
+
+function makeScript(uuid: string, connect?: string[], subscribeUrl?: string): Script {
+  const metadata: SCMetadata = {};
+  if (connect) metadata.connect = connect;
+  return {
+    uuid,
+    name: "test-script",
+    namespace: "test",
+    metadata,
+    type: SCRIPT_TYPE_NORMAL,
+    status: SCRIPT_STATUS_ENABLE,
+    sort: 0,
+    runStatus: SCRIPT_RUN_STATUS_COMPLETE,
+    createtime: Date.now(),
+    checktime: Date.now(),
+    subscribeUrl,
+  };
+}
+
+function makeSubscribe(url: string, connect?: string[]): Subscribe {
+  const metadata: SCMetadata = {};
+  if (connect) metadata.connect = connect;
+  return {
+    url,
+    name: "test-subscribe",
+    code: "",
+    author: "test",
+    scripts: {},
+    metadata,
+    status: SUBSCRIBE_STATUS_ENABLE,
+    createtime: Date.now(),
+    checktime: Date.now(),
+  };
+}
+
+function createGMApi(): GMApi {
+  const ee = new EventEmitter<string, any>();
+  const message = new MockMessage(ee);
+  const messageQueue = new MessageQueue();
+  const systemConfig = new SystemConfig(messageQueue);
+  const server = new Server("serviceWorker", message);
+  const permissionVerify = new PermissionVerify(server.group("permissionVerify"), messageQueue);
+  return new GMApi(
+    systemConfig,
+    permissionVerify,
+    server.group("runtime"),
+    message,
+    messageQueue,
+    {} as any,
+    new MockGMExternalDependencies()
+  );
+}
+
+describe("parseRequest 订阅脚本 connect 覆盖", () => {
+  let scriptDAO: ScriptDAO;
+  let subscribeDAO: SubscribeDAO;
+  let gmApi: GMApi;
+
+  beforeEach(() => {
+    scriptDAO = new ScriptDAO();
+    subscribeDAO = new SubscribeDAO();
+    gmApi = createGMApi();
+  });
+
+  it("订阅脚本的 connect 应被订阅的 connect 覆盖", async () => {
+    const subscribeUrl = "https://example.com/test.sub.js";
+    const script = makeScript("uuid-1", ["script-domain.com"], subscribeUrl);
+    const subscribe = makeSubscribe(subscribeUrl, ["subscribe-domain.com", "api.example.com"]);
+
+    await scriptDAO.save(script);
+    await subscribeDAO.save(subscribe);
+
+    const req = await gmApi.parseRequest({ uuid: "uuid-1", api: "test", runFlag: "", params: [] });
+    // connect 应该被订阅的覆盖，而不是脚本自身的
+    expect(req.script.metadata.connect).toEqual(["subscribe-domain.com", "api.example.com"]);
+  });
+
+  it("普通脚本（无 subscribeUrl）的 connect 保持不变", async () => {
+    const script = makeScript("uuid-2", ["my-domain.com"]);
+    await scriptDAO.save(script);
+
+    const req = await gmApi.parseRequest({ uuid: "uuid-2", api: "test", runFlag: "", params: [] });
+    expect(req.script.metadata.connect).toEqual(["my-domain.com"]);
+  });
+
+  it("订阅不存在时脚本 connect 保持不变", async () => {
+    const script = makeScript("uuid-3", ["my-domain.com"], "https://gone.com/deleted.sub.js");
+    await scriptDAO.save(script);
+
+    const req = await gmApi.parseRequest({ uuid: "uuid-3", api: "test", runFlag: "", params: [] });
+    expect(req.script.metadata.connect).toEqual(["my-domain.com"]);
+  });
+
+  it("订阅没有声明 connect 时脚本 connect 保持不变", async () => {
+    const subscribeUrl = "https://example.com/no-connect.sub.js";
+    const script = makeScript("uuid-4", ["my-domain.com"], subscribeUrl);
+    const subscribe = makeSubscribe(subscribeUrl); // 无 connect
+
+    await scriptDAO.save(script);
+    await subscribeDAO.save(subscribe);
+
+    const req = await gmApi.parseRequest({ uuid: "uuid-4", api: "test", runFlag: "", params: [] });
+    expect(req.script.metadata.connect).toEqual(["my-domain.com"]);
+  });
+});

src/app/service/service_worker/index.ts

@@ -90,7 +90,7 @@ export default class ServiceWorkerManager {
       scriptDAO
     );
     synchronize.init();
-    const subscribe = new SubscribeService(systemConfig, this.api.group("subscribe"), this.mq, script);
+    const subscribe = new SubscribeService(this.api.group("subscribe"), this.mq, script);
     subscribe.init();
     const system = new SystemService(
       systemConfig,

src/app/service/service_worker/script.ts

@@ -884,20 +884,24 @@ export class ScriptService {
   ) {
     const upsertBy = options.source;
     const code = await fetchScriptBody(url);
-    if (update && (await this.systemConfig.getSilenceUpdateScript())) {
+    if (update) {
       try {
         const { oldScript, script } = await prepareScriptByCode(code, url, uuid);
-        if (checkSilenceUpdate(oldScript!.metadata, script.metadata)) {
-          logger?.info("silence update script");
-          await this.installScript({
-            script,
-            code,
-            upsertBy,
-          });
+        // 订阅脚本始终静默更新，信任关系由订阅建立
+        if (oldScript?.subscribeUrl) {
+          logger?.info("silence update subscribe script");
+          await this.installScript({ script, code, upsertBy });
           return 2;
         }
-        // 如果不符合静默更新规则，走后面的流程
-        logger?.info("not silence update script, open install page");
+        // 普通脚本：检查静默更新开关和 connect 变化
+        if (await this.systemConfig.getSilenceUpdateScript()) {
+          if (checkSilenceUpdate(oldScript!.metadata, script.metadata)) {
+            logger?.info("silence update script");
+            await this.installScript({ script, code, upsertBy });
+            return 2;
+          }
+          logger?.info("not silence update script, open install page");
+        }
       } catch (e) {
         logger?.error("prepare script failed", Logger.E(e));
       }

src/app/service/service_worker/subscribe.ts

@@ -3,7 +3,6 @@ import Logger from "@App/app/logger/logger";
 import { ScriptDAO } from "@App/app/repo/scripts";
 import type { SCMetadata, Subscribe, SubscribeScript } from "@App/app/repo/subscribe";
 import { SUBSCRIBE_STATUS_DISABLE, SUBSCRIBE_STATUS_ENABLE, SubscribeDAO } from "@App/app/repo/subscribe";
-import { type SystemConfig } from "@App/pkg/config/config";
 import { type IMessageQueue } from "@Packages/message/message_queue";
 import { type Group } from "@Packages/message/server";
 import { type ScriptService } from "./script";
@@ -24,7 +23,6 @@ export class SubscribeService {
   scriptDAO = new ScriptDAO();
 
   constructor(
-    private systemConfig: SystemConfig,
     private group: Group,
     private mq: IMessageQueue,
     private scriptService: ScriptService
@@ -239,25 +237,23 @@ export class SubscribeService {
     }
   }
 
+  // 订阅始终尝试静默更新，不受「非重要变更静默更新脚本」开关控制
+  // 仅当订阅的 @connect 新增了域时才需要用户确认
   async trySilenceUpdate(code: string, url: string) {
     const logger = this.logger.with({
       url,
     });
-    // 是否静默更新
-    const silenceUpdate = await this.systemConfig.getSilenceUpdateScript();
-    if (silenceUpdate) {
-      try {
-        const newSubscribe = await prepareSubscribeByCode(code, url);
-        if (checkSilenceUpdate(newSubscribe.oldSubscribe!.metadata, newSubscribe.subscribe.metadata)) {
-          logger.info("silence update subscribe");
-          this.install({
-            subscribe: newSubscribe.subscribe,
-          });
-          return true;
-        }
-      } catch (e) {
-        logger.error("prepare script failed", Logger.E(e));
+    try {
+      const newSubscribe = await prepareSubscribeByCode(code, url);
+      if (checkSilenceUpdate(newSubscribe.oldSubscribe!.metadata, newSubscribe.subscribe.metadata)) {
+        logger.info("silence update subscribe");
+        this.install({
+          subscribe: newSubscribe.subscribe,
+        });
+        return true;
       }
+    } catch (e) {
+      logger.error("prepare script failed", Logger.E(e));
     }
   }
 

src/pkg/utils/utils.ts

@@ -144,12 +144,12 @@ export async function openInCurrentTab(url: string, tabId?: number) {
   }
 }
 
-// 检查订阅规则是否改变,是否能够静默更新
+// 检查 connect 是否改变，是否能够静默更新
+// 用于订阅本身的更新检查和普通脚本的静默更新检查
 export function checkSilenceUpdate(oldMeta: SCMetadata, newMeta: SCMetadata): boolean {
-  // 判断connect是否改变
   const oldConnect = new Set<string>(oldMeta.connect || []);
   const newConnect = new Set<string>(newMeta.connect || []);
-  // 老的里面没有新的就需要用户确认了
+  // 新的 connect 中有老的没有的域，则需要用户确认
   for (const key of newConnect) {
     if (!oldConnect.has(key)) {
       return false;