@waline/vercel 1.2.5 → 1.3.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@waline/vercel",
-  "version": "1.2.5",
+  "version": "1.3.2",
   "description": "vercel server for waline comment system",
   "repository": "https://github.com/walinejs/waline",
   "license": "MIT",

package/src/config/config.js

@@ -17,6 +17,7 @@ const {
   AVATAR_PROXY,
   GITHUB_TOKEN,
   DETA_PROJECT_KEY,
+  OAUTH_URL,
 
   MARKDOWN_CONFIG = '{}',
   MARKDOWN_HIGHLIGHT,
@@ -91,6 +92,8 @@ if (AVATAR_PROXY) {
   avatarProxy = !isFalse(AVATAR_PROXY) ? AVATAR_PROXY : '';
 }
 
+const oauthUrl = OAUTH_URL || 'https://user.75.team';
+
 module.exports = {
   workers: 1,
   storage,
@@ -100,6 +103,7 @@ module.exports = {
   secureDomains: SECURE_DOMAINS ? SECURE_DOMAINS.split(/\s*,\s*/) : undefined,
   disableUserAgent: !isFalse(DISABLE_USERAGENT),
   avatarProxy,
+  oauthUrl,
   markdown,
   mailSubject: MAIL_SUBJECT,
   mailTemplate: MAIL_TEMPLATE,

package/src/controller/comment.js

@@ -19,7 +19,7 @@ async function formatCmt(
   }
 
   const user = users.find(({ objectId }) => user_id === objectId);
-  if (user) {
+  if (!think.isEmpty(user)) {
     comment.nick = user.display_name;
     comment.mail = user.email;
     comment.link = user.url;

package/src/controller/oauth.js

@@ -1,5 +1,7 @@
+const qs = require('querystring');
 const jwt = require('jsonwebtoken');
 const { PasswordHash } = require('phpass');
+const request = require('request-promise-native');
 module.exports = class extends think.Controller {
   constructor(ctx) {
     super(ctx);
@@ -9,16 +11,58 @@ module.exports = class extends think.Controller {
     );
   }
 
-  async githubAction() {
-    const instance = this.service('auth/github', this);
-    const userInfo = await instance.getUserInfo();
-    const { github, avatar } = userInfo;
+  async indexAction() {
+    const { code, oauth_verifier, oauth_token, type, redirect } = this.get();
+    const { oauthUrl } = this.config();
+
+    const hasCode =
+      type === 'twitter' ? oauth_token && oauth_verifier : Boolean(code);
+    if (!hasCode) {
+      const { protocol, host } = this.ctx;
+      const redirectUrl = `${protocol}://${host}/oauth?${qs.stringify({
+        redirect,
+        type,
+      })}`;
+      return this.redirect(
+        `${oauthUrl}/${type}?${qs.stringify({
+          redirect: redirectUrl,
+          state: this.ctx.state.token,
+        })}`
+      );
+    }
+
+    /**
+     * user = { id, name, email, avatar,url };
+     */
+    const params = { code, oauth_verifier, oauth_token };
+    if (type === 'facebook') {
+      const { protocol, host } = this.ctx;
+      const redirectUrl = `${protocol}://${host}/oauth?${qs.stringify({
+        redirect,
+        type,
+      })}`;
+      params.state = qs.stringify({
+        redirect: redirectUrl,
+        state: this.ctx.state.token || '',
+      });
+    }
+
+    const user = await request({
+      url: `${oauthUrl}/${type}?${qs.stringify(params)}`,
+      method: 'GET',
+      json: true,
+      headers: {
+        'User-Agent': '@waline',
+      },
+    });
+    if (!user || !user.id) {
+      return this.fail();
+    }
 
-    const userByGithub = await this.modelInstance.select({ github });
+    const userBySocial = await this.modelInstance.select({ [type]: user.id });
 
-    if (!think.isEmpty(userByGithub)) {
-      const { redirect } = this.get();
-      const token = jwt.sign(userByGithub[0].email, this.config('jwtKey'));
+    if (!think.isEmpty(userBySocial)) {
+      const token = jwt.sign(userBySocial[0].email, this.config('jwtKey'));
 
       if (redirect) {
         return this.redirect(
@@ -29,49 +73,49 @@ module.exports = class extends think.Controller {
       return this.success();
     }
 
-    if (!userInfo.email) {
-      //generator a fake email if github user have no email
-      userInfo.email = `${userInfo.github}@mail.github`;
+    if (!user.email) {
+      user.email = `${user.id}@mail.${type}`;
     }
 
-    const { email } = userInfo;
     const current = this.ctx.state.userInfo;
-
     if (!think.isEmpty(current)) {
-      const updateData = { github };
+      const updateData = { [type]: user.id };
 
-      if (!current.avatar) {
-        updateData.avatar = github.avatar;
+      if (!current.avatar && user.avatar) {
+        updateData.avatar = user.avatar;
       }
 
       await this.modelInstance.update(updateData, {
         objectId: current.objectId,
       });
 
-      return this.success();
+      return this.redirect('/ui/profile');
     }
 
-    const userByEmail = await this.modelInstance.select({ email });
+    const userByEmail = await this.modelInstance.select({ email: user.email });
     if (think.isEmpty(userByEmail)) {
       const count = await this.modelInstance.count();
       const data = {
-        ...userInfo,
+        display_name: user.name,
+        email: user.email,
+        url: user.url,
+        avatar: user.avatar,
+        [type]: user.id,
         password: new PasswordHash().hashPassword(Math.random()),
         type: think.isEmpty(count) ? 'administrator' : 'guest',
       };
 
       await this.modelInstance.add(data);
     } else {
-      const updateData = { github };
+      const updateData = { [type]: user.id };
 
-      if (!userByEmail.avatar) {
-        updateData.avatar = avatar;
+      if (!userByEmail.avatar && user.avatar) {
+        updateData.avatar = user.avatar;
       }
-      await this.modelInstance.update(updateData, { email });
+      await this.modelInstance.update(updateData, { email: user.email });
     }
 
-    const { redirect } = this.get();
-    const token = jwt.sign(email, this.config('jwtKey'));
+    const token = jwt.sign(user.email, this.config('jwtKey'));
 
     if (redirect) {
       return this.redirect(

package/src/controller/user.js

@@ -78,7 +78,7 @@ module.exports = class extends BaseRest {
   }
 
   async putAction() {
-    const { display_name, url, password, github } = this.post();
+    const { display_name, url, password } = this.post();
     const { objectId } = this.ctx.state.userInfo;
 
     const updateData = {};
@@ -95,9 +95,13 @@ module.exports = class extends BaseRest {
       updateData.password = new PasswordHash().hashPassword(password);
     }
 
-    if (think.isString(github)) {
-      updateData.github = github;
-    }
+    const socials = ['github', 'twitter', 'facebook', 'google', 'weibo', 'qq'];
+    socials.forEach((social) => {
+      const nextSocial = this.post(social);
+      if (think.isString(nextSocial)) {
+        updateData[social] = nextSocial;
+      }
+    });
 
     if (think.isEmpty(updateData)) {
       return this.success();

package/src/logic/base.js

@@ -43,7 +43,21 @@ module.exports = class extends think.Logic {
 
     const user = await this.modelInstance.select(
       { email: userMail },
-      { field: ['email', 'url', 'display_name', 'type', 'github', 'avatar'] }
+      {
+        field: [
+          'email',
+          'url',
+          'display_name',
+          'type',
+          'github',
+          'twitter',
+          'facebook',
+          'google',
+          'weibo',
+          'qq',
+          'avatar',
+        ],
+      }
     );
     if (think.isEmpty(user)) {
       return;
@@ -65,5 +79,6 @@ module.exports = class extends think.Logic {
     userInfo.avatar = avatarUrl;
     userInfo.mailMd5 = helper.md5(userInfo.email);
     this.ctx.state.userInfo = userInfo;
+    this.ctx.state.token = token;
   }
 };

package/src/logic/comment.js

@@ -205,4 +205,30 @@ module.exports = class extends Base {
       return this.ctx.throw(401);
     }
   }
+
+  /**
+   * @api {POST} /comment/:id update comment data
+   * @apiGroup Comment
+   * @apiVersion  0.0.1
+   *
+   * @apiParam  {String}  [nick] post comment user nick name
+   * @apiParam  {String}  [mail]  post comment user mail address
+   * @apiParam  {String}  [link]  post comment user link
+   * @apiParam  {String}  [comment]  post comment text
+   * @apiParam  {String}  [url]  the artcile url path of comment
+   *
+   * @apiSuccess  (200) {Number}  errno 0
+   * @apiSuccess  (200) {String}  errmsg  return error message if error
+   */
+  putAction() {}
+
+  /**
+   * @api {DELETE} /comment/:id delete comment
+   * @apiGroup Comment
+   * @apiVersion  0.0.1
+   *
+   * @apiSuccess  (200) {Number}  errno 0
+   * @apiSuccess  (200) {String}  errmsg  return error message if error
+   */
+  deleteAction() {}
 };

package/src/logic/oauth.js

@@ -2,9 +2,9 @@ const Base = require('./base');
 
 module.exports = class extends Base {
   /**
-   * @api {GET} /oauth/github  github oauth api
+   * @api {GET} /oauth oauth api
    * @apiGroup  OAuth
    * @apiVersion  0.0.1
    */
-  githubAction() {}
+  indexAction() {}
 };

package/src/logic/token.js

@@ -12,7 +12,7 @@ module.exports = class extends Base {
    * @apiSuccess  (200) {String}  data.avatar user avatar
    * @apiSuccess  (200) {String}  data.createdAt user register time
    * @apiSuccess  (200) {String}  data.display_name user nick name
-   * @apiSuccess  (200) {String}  data.emal user email address
+   * @apiSuccess  (200) {String}  data.email user email address
    * @apiSuccess  (200) {String}  data.github user github account name
    * @apiSuccess  (200) {String}  data.mailMd5 user mail md5
    * @apiSuccess  (200) {String}  data.objectId user id

package/src/logic/user.js

@@ -21,10 +21,10 @@ module.exports = class extends Base {
    * @apiGroup User
    * @apiVersion  0.0.1
    *
-   * @apiParam  {String}  display_name  user new nick name
-   * @apiParam  {String}  url user new link
-   * @apiParam  {String}  password user new password
-   * @apiParam  {String}  github user github account name
+   * @apiParam  {String}  [display_name]  user new nick name
+   * @apiParam  {String}  [url] user new link
+   * @apiParam  {String}  [password] user new password
+   * @apiParam  {String}  [github] user github account name
    *
    * @apiSuccess  (200) {Number}  errno 0
    * @apiSuccess  (200) {String}  errmsg  return error message if error

package/src/middleware/dashboard.js

@@ -1,10 +1,4 @@
-const { GITHUB_ID, GITHUB_SECRET } = process.env;
-
 module.exports = function () {
-  const socials = [['github', GITHUB_ID && GITHUB_SECRET]]
-    .filter(([, condition]) => condition)
-    .map(([name]) => name);
-
   return (ctx) => {
     ctx.type = 'html';
     ctx.body = `<!doctype html>
@@ -18,7 +12,6 @@ module.exports = function () {
     <script>
     window.SITE_URL = ${JSON.stringify(process.env.SITE_URL)};
     window.SITE_NAME = ${JSON.stringify(process.env.SITE_NAME)};
-    window.ALLOW_SOCIALS = ${JSON.stringify(socials)};
     </script>
     <script src="https://cdn.jsdelivr.net/npm/@waline/admin"></script>
   </body>

package/src/service/notify.js

@@ -242,7 +242,9 @@ module.exports = class extends think.Service {
       }
     }
 
-    const disallowList = ['github'].map((social) => 'mail.' + social);
+    const disallowList = ['github', 'twitter', 'facebook'].map(
+      (social) => 'mail.' + social
+    );
     const fakeMail = new RegExp(`@(${disallowList.join('|')})$`, 'i');
     if (parent && !fakeMail.test(parent.mail) && comment.status !== 'waiting') {
       mailList.push({

package/src/service/storage/github.js

@@ -31,6 +31,11 @@ const CSV_HEADERS = {
     'url',
     'avatar',
     'github',
+    'twitter',
+    'facebook',
+    'google',
+    'weibo',
+    'qq',
     'createdAt',
     'updatedAt',
   ],

package/src/service/auth/base.js

@@ -1,31 +0,0 @@
-const { parse } = require('url');
-
-module.exports = class extends think.Service {
-  constructor(app) {
-    super(app);
-    this.app = app;
-  }
-
-  getCompleteUrl(url = '') {
-    if (url.slice(0, 4) === 'http') {
-      try {
-        const { host } = parse(url);
-
-        if (this.app.host.toLowerCase() !== host.toLowerCase()) {
-          throw new Error(403);
-        }
-
-        return url;
-      } catch (err) {
-        // ignore error
-      }
-    }
-    const protocol = this.app.header('x-forwarded-proto') || 'http';
-
-    if (!/^\//.test(url)) {
-      url = `/${url}`;
-    }
-
-    return `${protocol}://${this.app.ctx.host}${url}`;
-  }
-};

package/src/service/auth/github.js

@@ -1,97 +0,0 @@
-const qs = require('querystring');
-const request = require('request-promise-native');
-const Base = require('./base');
-
-const OAUTH_URL = 'https://github.com/login/oauth/authorize';
-const ACCESS_TOKEN_URL = 'https://github.com/login/oauth/access_token';
-const USER_INFO_URL = 'https://api.github.com/user';
-const USER_EMAILS = 'https://api.github.com/user/emails';
-const { GITHUB_ID, GITHUB_SECRET } = process.env;
-module.exports = class extends Base {
-  getAuthUrl(opts) {
-    const params = {
-      client_id: GITHUB_ID,
-      redirect_uri: opts.rdUrl,
-      scope: 'read:user,user:email',
-    };
-    return OAUTH_URL + '?' + qs.stringify(params);
-  }
-
-  async getAccessToken(opts) {
-    const params = {
-      client_id: GITHUB_ID,
-      client_secret: GITHUB_SECRET,
-      code: opts.code,
-    };
-
-    const body = await request.post({
-      url: ACCESS_TOKEN_URL,
-      headers: { Accept: 'application/json' },
-      form: params,
-      json: true,
-    });
-
-    return body;
-  }
-
-  async getUserInfoByToken(opts) {
-    const userInfo = await request.get({
-      url: USER_INFO_URL,
-      headers: {
-        'User-Agent': '@waline',
-        Authorization: 'token ' + opts.access_token,
-      },
-      json: true,
-    });
-
-    if (!userInfo.email) {
-      const emails = await request.get({
-        url: USER_EMAILS,
-        headers: {
-          'User-Agent': '@waline',
-          Authorization: 'token ' + opts.access_token,
-        },
-        json: true,
-      });
-
-      if (emails.length) {
-        userInfo.email = emails[0].email;
-      }
-    }
-
-    return {
-      github: userInfo.login,
-      display_name: userInfo.name,
-      email: userInfo.email,
-      url: userInfo.blog,
-      avatar: userInfo.avatar_url,
-    };
-  }
-
-  async redirect() {
-    const { app } = this;
-    const { redirect, state } = app.get();
-    const rdUrlAfterLogin = this.getCompleteUrl(redirect);
-
-    const params = { redirect: rdUrlAfterLogin, state };
-    const signinUrl =
-      this.getCompleteUrl('/oauth/github') + '?' + qs.stringify(params);
-    const AUTH_URL = this.getAuthUrl({ rdUrl: signinUrl });
-
-    app.redirect(AUTH_URL);
-
-    return app.success();
-  }
-
-  async getUserInfo() {
-    const { code } = this.app.get();
-
-    if (!code) {
-      return this.redirect();
-    }
-
-    const accessTokenInfo = await this.getAccessToken({ code });
-
-    return this.getUserInfoByToken(accessTokenInfo);
-  }
-};