@waline/vercel 1.15.3 → 1.17.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@waline/vercel",
-  "version": "1.15.3",
+  "version": "1.17.1",
   "description": "vercel server for waline comment system",
   "keywords": [
     "waline",
@@ -20,20 +20,21 @@
     "akismet": "^2.0.7",
     "deta": "^1.1.0",
     "dompurify": "^2.3.6",
+    "dy-node-ip2region": "^1.0.1",
     "fast-csv": "^4.3.6",
     "jsdom": "^19.0.0",
     "jsonwebtoken": "^8.5.1",
     "katex": "^0.15.3",
     "leancloud-storage": "^4.12.2",
-    "markdown-it": "^12.3.2",
-    "markdown-it-emoji": "^2.0.0",
+    "markdown-it": "^13.0.1",
+    "markdown-it-emoji": "^2.0.2",
     "markdown-it-sub": "^1.0.0",
     "markdown-it-sup": "^1.0.0",
     "mathjax-full": "^3.2.0",
-    "nodemailer": "^6.7.3",
+    "nodemailer": "^6.7.4",
     "nunjucks": "^3.2.3",
     "phpass": "^0.1.1",
-    "prismjs": "^1.27.0",
+    "prismjs": "^1.28.0",
     "request": "^2.88.2",
     "request-promise-native": "^1.0.9",
     "speakeasy": "^2.0.0",

package/src/config/config.js

@@ -14,6 +14,7 @@ const {
   TCB_KEY,
   SECURE_DOMAINS,
   DISABLE_USERAGENT,
+  DISABLE_REGION,
   AVATAR_PROXY,
   GITHUB_TOKEN,
   DETA_PROJECT_KEY,
@@ -106,6 +107,7 @@ module.exports = {
   disallowIPList: [],
   secureDomains: SECURE_DOMAINS ? SECURE_DOMAINS.split(/\s*,\s*/) : undefined,
   disableUserAgent: DISABLE_USERAGENT && !isFalse(DISABLE_USERAGENT),
+  disableRegion: DISABLE_REGION && !isFalse(DISABLE_REGION),
   levels:
     !LEVELS || isFalse(LEVELS)
       ? false

package/src/controller/comment.js

@@ -5,7 +5,7 @@ const { getMarkdownParser } = require('../service/markdown');
 
 const markdownParser = getMarkdownParser();
 async function formatCmt(
-  { ua, user_id, ...comment },
+  { ua, user_id, ip, ...comment },
   users = [],
   { avatarProxy },
   loginUser
@@ -25,6 +25,7 @@ async function formatCmt(
     comment.mail = user.email;
     comment.link = user.url;
     comment.type = user.type;
+    comment.label = user.label;
   }
 
   const avatarUrl =
@@ -41,8 +42,13 @@ async function formatCmt(
     delete comment.mail;
   } else {
     comment.orig = comment.comment;
+    comment.ip = ip;
   }
 
+  // administrator can always show region
+  if (isAdmin || !think.config('disableRegion')) {
+    comment.addr = await think.ip2region(ip, { depth: isAdmin ? 3 : 1 });
+  }
   comment.comment = markdownParser(comment.comment);
   return comment;
 }
@@ -88,6 +94,7 @@ module.exports = class extends BaseRest {
             'pid',
             'rid',
             'ua',
+            'ip',
             'user_id',
             'sticky',
           ],
@@ -106,7 +113,14 @@ module.exports = class extends BaseRest {
           users = await userModel.select(
             { objectId: ['IN', user_ids] },
             {
-              field: ['display_name', 'email', 'url', 'type', 'avatar'],
+              field: [
+                'display_name',
+                'email',
+                'url',
+                'type',
+                'avatar',
+                'label',
+              ],
             }
           );
         }
@@ -186,7 +200,14 @@ module.exports = class extends BaseRest {
           users = await userModel.select(
             { objectId: ['IN', user_ids] },
             {
-              field: ['display_name', 'email', 'url', 'type', 'avatar'],
+              field: [
+                'display_name',
+                'email',
+                'url',
+                'type',
+                'avatar',
+                'label',
+              ],
             }
           );
         }
@@ -235,6 +256,7 @@ module.exports = class extends BaseRest {
             'pid',
             'rid',
             'ua',
+            'ip',
             'user_id',
             'sticky',
           ],
@@ -307,7 +329,14 @@ module.exports = class extends BaseRest {
           users = await userModel.select(
             { objectId: ['IN', user_ids] },
             {
-              field: ['display_name', 'email', 'url', 'type', 'avatar'],
+              field: [
+                'display_name',
+                'email',
+                'url',
+                'type',
+                'avatar',
+                'label',
+              ],
             }
           );
         }

package/src/controller/user.js

@@ -11,6 +11,26 @@ module.exports = class extends BaseRest {
     );
   }
 
+  async getAction() {
+    const { page, pageSize } = this.get();
+
+    const count = await this.modelInstance.count({});
+    const users = await this.modelInstance.select(
+      {},
+      {
+        desc: 'createdAt',
+        limit: pageSize,
+        offset: Math.max((page - 1) * pageSize, 0),
+      }
+    );
+    return this.success({
+      page,
+      totalPages: Math.ceil(count / pageSize),
+      pageSize,
+      data: users,
+    });
+  }
+
   async postAction() {
     const data = this.post();
     const resp = await this.modelInstance.select({
@@ -92,12 +112,20 @@ module.exports = class extends BaseRest {
   }
 
   async putAction() {
-    const { display_name, url, avatar, password } = this.post();
+    const { display_name, url, avatar, password, type, label } = this.post();
     const { objectId } = this.ctx.state.userInfo;
     const twoFactorAuth = this.post('2fa');
 
     const updateData = {};
 
+    if (this.id && type) {
+      updateData.type = type;
+    }
+
+    if (think.isString(label)) {
+      updateData.label = label;
+    }
+
     if (display_name) {
       updateData.display_name = display_name;
     }
@@ -130,7 +158,9 @@ module.exports = class extends BaseRest {
       return this.success();
     }
 
-    await this.modelInstance.update(updateData, { objectId });
+    await this.modelInstance.update(updateData, {
+      objectId: this.id || objectId,
+    });
 
     return this.success();
   }

package/src/extend/think.js

@@ -1,5 +1,9 @@
+const ip2region = require('dy-node-ip2region');
+const helper = require('think-helper');
 const preventMessage = 'PREVENT_NEXT_PROCESS';
 
+const regionSearch = ip2region.create();
+
 module.exports = {
   prevent() {
     throw new Error(preventMessage);
@@ -20,6 +24,10 @@ module.exports = {
   },
   promiseAllQueue(promises, taskNum) {
     return new Promise((resolve, reject) => {
+      if (!promises.length) {
+        return resolve();
+      }
+
       const ret = [];
       let index = 0;
       let count = 0;
@@ -46,4 +54,18 @@ module.exports = {
       }
     });
   },
+  async ip2region(ip, { depth = 1 }) {
+    if (!ip) return '';
+
+    try {
+      const search = helper.promisify(regionSearch.btreeSearch, regionSearch);
+      const { region } = await search(ip);
+      const [, , province, city, isp] = region.split('|');
+      const address = Array.from(new Set([province, city, isp]));
+      return address.slice(0, depth).join(' ');
+    } catch (e) {
+      console.log(e);
+      return '';
+    }
+  },
 };

package/src/logic/base.js

@@ -8,6 +8,7 @@ module.exports = class extends think.Logic {
       `storage/${this.config('storage')}`,
       'Users'
     );
+    this.id = this.getId();
   }
 
   async __before() {
@@ -89,4 +90,20 @@ module.exports = class extends think.Logic {
     this.ctx.state.userInfo = userInfo;
     this.ctx.state.token = token;
   }
+
+  getId() {
+    const id = this.get('id');
+
+    if (id && (think.isString(id) || think.isNumber(id))) {
+      return id;
+    }
+
+    const last = decodeURIComponent(this.ctx.path.split('/').pop());
+
+    if (last !== this.resource && /^([a-z0-9]+,?)*$/i.test(last)) {
+      return last;
+    }
+
+    return '';
+  }
 };

package/src/logic/user.js

@@ -1,6 +1,24 @@
 const Base = require('./base');
 
 module.exports = class extends Base {
+  getAction() {
+    const { userInfo } = this.ctx.state;
+    if (think.isEmpty(userInfo) || userInfo.type !== 'administrator') {
+      return this.fail();
+    }
+
+    this.rules = {
+      page: {
+        int: true,
+        default: 1,
+      },
+      pageSize: {
+        int: { max: 100 },
+        default: 10,
+      },
+    };
+  }
+
   /**
    * @api {POST} /user user register
    * @apiGroup User
@@ -30,9 +48,15 @@ module.exports = class extends Base {
    * @apiSuccess  (200) {String}  errmsg  return error message if error
    */
   putAction() {
+    // you need login to update yourself profile
     const { userInfo } = this.ctx.state;
     if (think.isEmpty(userInfo)) {
       return this.fail();
     }
+
+    // you should be a administrator to update otherself info
+    if (this.id && userInfo.type !== 'administrator') {
+      return this.fail();
+    }
   }
 };

package/src/service/storage/leancloud.js

@@ -126,6 +126,88 @@ module.exports = class extends Base {
     return data;
   }
 
+  async _getCmtGroupByMailUserIdCache(key, where) {
+    if (this.tableName !== 'Comment' || key !== 'user_id_mail') {
+      return [];
+    }
+
+    const cacheTableName = `cache_group_count_${key}`;
+    const currentTableName = this.tableName;
+    this.tableName = cacheTableName;
+    const cacheData = await this.select({ _complex: where._complex });
+    this.tableName = currentTableName;
+    return cacheData;
+  }
+
+  async _setCmtGroupByMailUserIdCache(key, data) {
+    if (this.tableName !== 'Comment' || key !== 'user_id_mail') {
+      return;
+    }
+
+    const cacheTableName = `cache_group_count_${key}`;
+    const currentTableName = this.tableName;
+    this.tableName = cacheTableName;
+
+    await think.promiseAllQueue(
+      data.map((item) => {
+        if (item.user_id && !think.isString(item.user_id)) {
+          item.user_id = item.user_id.toString();
+        }
+        return this.add(item);
+      }),
+      1
+    );
+    this.tableName = currentTableName;
+  }
+
+  async _updateCmtGroupByMailUserIdCache(data, method) {
+    if (this.tableName !== 'Comment') {
+      return;
+    }
+
+    if (!data.user_id && !data.mail) {
+      return;
+    }
+
+    const cacheTableName = `cache_group_count_user_id_mail`;
+    const cacheData = await this.select({
+      _complex: {
+        _logic: 'or',
+        user_id: think.isObject(data.user_id)
+          ? data.user_id.toString()
+          : data.user_id,
+        mail: data.mail,
+      },
+    });
+    if (think.isEmpty(data)) {
+      return;
+    }
+
+    let count = cacheData[0].count;
+    switch (method) {
+      case 'add':
+        if (data.status === 'approved') {
+          count += 1;
+        }
+        break;
+      case 'udpate_status':
+        if (data.status === 'approved') {
+          count += 1;
+        } else {
+          count -= 1;
+        }
+        break;
+      case 'delete':
+        count -= 1;
+        break;
+    }
+
+    const currentTableName = this.tableName;
+    this.tableName = cacheTableName;
+    await this.update({ count }, { objectId: cacheData[0].objectId });
+    this.tableName = currentTableName;
+  }
+
   async count(where = {}, options = {}) {
     const instance = this.where(this.tableName, where);
     if (!options.group) {
@@ -137,7 +219,19 @@ module.exports = class extends Base {
       });
     }
 
-    // todo: query optimize
+    // get group count cache by group field where data
+    const cacheData = await this._getCmtGroupByMailUserIdCache(
+      options.group.join('_'),
+      where
+    );
+    const cacheDataMap = {};
+    for (let i = 0; i < cacheData.length; i++) {
+      const key = options.group
+        .map((item) => cacheData[i][item] || null)
+        .join('_');
+      cacheDataMap[key] = cacheData[i];
+    }
+
     const counts = [];
     const countsPromise = [];
     for (let i = 0; i < options.group.length; i++) {
@@ -152,6 +246,19 @@ module.exports = class extends Base {
       });
 
       for (let j = 0; j < where._complex[groupName][1].length; j++) {
+        const cacheKey = options.group
+          .map(
+            (item) =>
+              ({
+                ...groupFlatValue,
+                [groupName]: where._complex[groupName][1][j],
+              }[item] || null)
+          )
+          .join('_');
+        if (cacheDataMap[cacheKey]) {
+          continue;
+        }
+
         const groupWhere = {
           ...where,
           ...groupFlatValue,
@@ -172,8 +279,10 @@ module.exports = class extends Base {
       }
     }
 
-    await think.promiseAllQueue(countsPromise, 3);
-    return counts;
+    await think.promiseAllQueue(countsPromise, 1);
+    // cache data
+    await this._setCmtGroupByMailUserIdCache(options.group.join('_'), counts);
+    return [...cacheData, ...counts];
   }
 
   async add(
@@ -190,6 +299,7 @@ module.exports = class extends Base {
     instance.setACL(acl);
 
     const resp = await instance.save();
+    await this._updateCmtGroupByMailUserIdCache(data, 'add');
     return resp.toJSON();
   }
 
@@ -199,11 +309,16 @@ module.exports = class extends Base {
 
     return Promise.all(
       ret.map(async (item) => {
+        const _oldStatus = item.get('status');
         if (think.isFunction(data)) {
           item.set(data(item.toJSON()));
         } else {
           item.set(data);
         }
+        const _newStatus = item.get('status');
+        if (_newStatus && _oldStatus !== _newStatus) {
+          await this._updateCmtGroupByMailUserIdCache(data, 'update_status');
+        }
 
         const resp = await item.save();
         return resp.toJSON();
@@ -214,6 +329,7 @@ module.exports = class extends Base {
   async delete(where) {
     const instance = this.where(this.tableName, where);
     const data = await instance.find();
+    await this._updateCmtGroupByMailUserIdCache(data, 'delete');
 
     return AV.Object.destroyAll(data);
   }