@waline/vercel 1.10.1 → 1.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/package.json +2 -1
  2. package/src/controller/token/2fa.js +62 -0
  3. package/src/controller/token.js +15 -3
  4. package/src/controller/user/password.js +46 -0
  5. package/src/controller/user.js +10 -1
  6. package/src/logic/base.js +1 -0
  7. package/src/logic/token/2fa.js +27 -0
  8. package/src/logic/user/password.js +11 -0
  9. package/src/service/notify.js +1 -1
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@waline/vercel",
3
- "version": "1.10.1",
3
+ "version": "1.13.0",
4
4
  "description": "vercel server for waline comment system",
5
5
  "repository": "https://github.com/walinejs/waline",
6
6
  "license": "MIT",
@@ -27,6 +27,7 @@
27
27
  "prismjs": "^1.27.0",
28
28
  "request": "^2.88.2",
29
29
  "request-promise-native": "^1.0.9",
30
+ "speakeasy": "^2.0.0",
30
31
  "think-logger3": "^1.3.1",
31
32
  "think-model": "^1.5.4",
32
33
  "think-model-mysql": "^1.1.7",
package/src/controller/token/2fa.js ADDED
@@ -0,0 +1,62 @@
1
+ const speakeasy = require('speakeasy');
2
+ const BaseRest = require('../rest');
3
+
4
+ module.exports = class extends BaseRest {
5
+ async getAction() {
6
+ const { userInfo } = this.ctx.state;
7
+ const { email } = this.get();
8
+
9
+ if (think.isEmpty(userInfo) && email) {
10
+ const userModel = this.service(
11
+ `storage/${this.config('storage')}`,
12
+ 'Users'
13
+ );
14
+
15
+ const user = await userModel.select(
16
+ { email },
17
+ {
18
+ field: ['2fa'],
19
+ }
20
+ );
21
+ const is2FAEnabled = !think.isEmpty(user) && Boolean(user[0]['2fa']);
22
+ return this.success({ enable: is2FAEnabled });
23
+ }
24
+
25
+ const name = `waline_${userInfo.objectId}`;
26
+ if (userInfo['2fa'] && userInfo['2fa'].length == 32) {
27
+ return this.success({
28
+ otpauth_url: `otpauth://totp/${name}?secret=${userInfo['2fa']}`,
29
+ secret: userInfo['2fa'],
30
+ });
31
+ }
32
+
33
+ const { otpauth_url, base32: secret } = speakeasy.generateSecret({
34
+ length: 20,
35
+ name,
36
+ });
37
+ return this.success({ otpauth_url, secret });
38
+ }
39
+
40
+ async postAction() {
41
+ const data = this.post();
42
+ const verified = speakeasy.totp.verify({
43
+ secret: data.secret,
44
+ encoding: 'base32',
45
+ token: data.code,
46
+ window: 2,
47
+ });
48
+
49
+ if (!verified) {
50
+ return this.fail('TWO_FACTOR_AUTH_ERROR_DETAIL');
51
+ }
52
+
53
+ const userModel = this.service(
54
+ `storage/${this.config('storage')}`,
55
+ 'Users'
56
+ );
57
+ const { objectId } = this.ctx.state.userInfo;
58
+ await userModel.update({ ['2fa']: data.secret }, { objectId });
59
+
60
+ return this.success();
61
+ }
62
+ };
package/src/controller/token.js CHANGED
@@ -1,3 +1,4 @@
1
+ const speakeasy = require('speakeasy');
1
2
  const jwt = require('jsonwebtoken');
2
3
  const helper = require('think-helper');
3
4
  const { PasswordHash } = require('phpass');
@@ -17,7 +18,7 @@ module.exports = class extends BaseRest {
17
18
  }
18
19
 
19
20
  async postAction() {
20
- const { email, password } = this.post();
21
+ const { email, password, code } = this.post();
21
22
  const user = await this.modelInstance.select({ email });
22
23
 
23
24
  if (think.isEmpty(user) || /^verify:/i.test(user[0].type)) {
@@ -33,13 +34,24 @@ module.exports = class extends BaseRest {
33
34
  return this.fail();
34
35
  }
35
36
 
36
- let avatar = user[0].avatar;
37
+ const twoFactorAuthSecret = user[0]['2fa'];
38
+ if (twoFactorAuthSecret) {
39
+ const verified = speakeasy.totp.verify({
40
+ secret: twoFactorAuthSecret,
41
+ encoding: 'base32',
42
+ token: code,
43
+ window: 2,
44
+ });
45
+ if (!verified) {
46
+ return this.fail();
47
+ }
48
+ }
37
49
 
50
+ let avatar = user[0].avatar;
38
51
  if (/(github)/i.test(avatar)) {
39
52
  avatar =
40
53
  this.config('avatarProxy') + '?url=' + encodeURIComponent(avatar);
41
54
  }
42
-
43
55
  user[0].avatar = avatar;
44
56
 
45
57
  return this.success({
package/src/controller/user/password.js ADDED
@@ -0,0 +1,46 @@
1
+ const jwt = require('jsonwebtoken');
2
+ const BaseRest = require('../rest');
3
+
4
+ module.exports = class extends BaseRest {
5
+ async putAction() {
6
+ const {
7
+ SMTP_HOST,
8
+ SMTP_SERVICE,
9
+ SENDER_EMAIL,
10
+ SENDER_NAME,
11
+ SMTP_USER,
12
+ SITE_NAME,
13
+ } = process.env;
14
+ const hasMailServie = SMTP_HOST || SMTP_SERVICE;
15
+ if (!hasMailServie) {
16
+ return this.fail();
17
+ }
18
+
19
+ const { email } = this.post();
20
+ const userModel = this.service(
21
+ `storage/${this.config('storage')}`,
22
+ 'Users'
23
+ );
24
+ const user = await userModel.select({ email });
25
+ if (think.isEmpty(user)) {
26
+ return this.fail();
27
+ }
28
+
29
+ const notify = this.service('notify');
30
+ const { protocol, host } = this.ctx;
31
+ const token = jwt.sign(user[0].email, this.config('jwtKey'));
32
+ const profileUrl = `${protocol}://${host}/ui/profile?token=${token}`;
33
+
34
+ await notify.transporter.sendMail({
35
+ from:
36
+ SENDER_EMAIL && SENDER_NAME
37
+ ? `"${SENDER_NAME}" <${SENDER_EMAIL}>`
38
+ : SMTP_USER,
39
+ to: user[0].email,
40
+ subject: `【${SITE_NAME || 'Waline'}】Reset Password`,
41
+ html: `Please click <a href="${profileUrl}">${profileUrl}</a> to login and change your password as soon as possible!`,
42
+ });
43
+
44
+ return this.success();
45
+ }
46
+ };
package/src/controller/user.js CHANGED
@@ -78,8 +78,9 @@ module.exports = class extends BaseRest {
78
78
  }
79
79
 
80
80
  async putAction() {
81
- const { display_name, url, password } = this.post();
81
+ const { display_name, url, avatar, password } = this.post();
82
82
  const { objectId } = this.ctx.state.userInfo;
83
+ const twoFactorAuth = this.post('2fa');
83
84
 
84
85
  const updateData = {};
85
86
 
@@ -91,10 +92,18 @@ module.exports = class extends BaseRest {
91
92
  updateData.url = url;
92
93
  }
93
94
 
95
+ if (avatar) {
96
+ updateData.avatar = avatar;
97
+ }
98
+
94
99
  if (password) {
95
100
  updateData.password = new PasswordHash().hashPassword(password);
96
101
  }
97
102
 
103
+ if (think.isString(twoFactorAuth)) {
104
+ updateData['2fa'] = twoFactorAuth;
105
+ }
106
+
98
107
  const socials = ['github', 'twitter', 'facebook', 'google', 'weibo', 'qq'];
99
108
  socials.forEach((social) => {
100
109
  const nextSocial = this.post(social);
package/src/logic/base.js CHANGED
@@ -63,6 +63,7 @@ module.exports = class extends think.Logic {
63
63
  'weibo',
64
64
  'qq',
65
65
  'avatar',
66
+ '2fa',
66
67
  ],
67
68
  }
68
69
  );
package/src/logic/token/2fa.js ADDED
@@ -0,0 +1,27 @@
1
+ const Base = require('../base');
2
+
3
+ module.exports = class extends Base {
4
+ async getAction() {
5
+ const { email } = this.get();
6
+ const { userInfo } = this.ctx.state;
7
+
8
+ if (think.isEmpty(userInfo) && !email) {
9
+ return this.fail(401);
10
+ }
11
+ }
12
+
13
+ async postAction() {
14
+ const { userInfo } = this.ctx.state;
15
+ if (think.isEmpty(userInfo)) {
16
+ return this.fail(401);
17
+ }
18
+
19
+ this.rules = {
20
+ code: {
21
+ required: true,
22
+ string: true,
23
+ length: 6,
24
+ },
25
+ };
26
+ }
27
+ };
package/src/logic/user/password.js ADDED
@@ -0,0 +1,11 @@
1
+ const Base = require('../base');
2
+
3
+ module.exports = class extends Base {
4
+ async putAction() {
5
+ this.rules = {
6
+ email: {
7
+ required: true,
8
+ },
9
+ };
10
+ }
11
+ };
package/src/service/notify.js CHANGED
@@ -335,7 +335,7 @@ module.exports = class extends think.Service {
335
335
  title = nunjucks.renderString(title, data);
336
336
  content = nunjucks.renderString(
337
337
  think.config('DiscordTemplate') ||
338
- `💬 {{site.name|safe}}的文章《{{postName}}》有新评论啦
338
+ `💬 {{site.name|safe}} 有新评论啦
339
339
  【评论者昵称】:{{self.nick}}
340
340
  【评论者邮箱】:{{self.mail}}
341
341
  【内容】:{{self.comment}}