@waline/vercel 1.20.1 → 1.21.0

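--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@waline/vercel",
- "version": "1.20.1",
+ "version": "1.21.0",
  "description": "vercel server for waline comment system",
  "keywords": [
  "waline",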
@@ -6,7 +6,7 @@ const { getMarkdownParser } = require('../service/markdown');
6
6
  const markdownParser = getMarkdownParser();
7
7
 
8
8
  async function formatCmt(
9
- { ua, user_id, ip, ...comment },
9
+ { ua, ip, ...comment },
10
10
  users = [],
11
11
  { avatarProxy },
12
12
  loginUser
@@ -20,7 +20,7 @@ async function formatCmt(
20
20
  comment.os = [ua.os.name, ua.os.version].filter((v) => v).join(' ');
21
21
  }
22
22
 
23
- const user = users.find(({ objectId }) => user_id === objectId);
23
+ const user = users.find(({ objectId }) => comment.user_id === objectId);
24
24
 
25
25
  if (!think.isEmpty(user)) {
26
26
  comment.nick = user.display_name;
@@ -42,10 +42,12 @@ async function formatCmt(
42
42
 
43
43
  const isAdmin = loginUser && loginUser.type === 'administrator';
44
44
 
45
+ if (loginUser) {
46
+ comment.orig = comment.comment;
47
+ }
45
48
  if (!isAdmin) {
46
49
  delete comment.mail;
47
50
  } else {
48
- comment.orig = comment.comment;
49
51
  comment.ip = ip;
50
52
  }
51
53
 
@@ -592,7 +594,7 @@ module.exports = class extends BaseRest {
592
594
  if (parentComment.user_id) {
593
595
  parentUser = await this.service(
594
596
  `storage/${this.config('storage')}`,
595
- 'User'
597
+ 'Users'
596
598
  ).select({
597
599
  objectId: parentComment.user_id,
598
600
  });
@@ -642,26 +644,19 @@ module.exports = class extends BaseRest {
642
644
 
643
645
  async putAction() {
644
646
  const { userInfo } = this.ctx.state;
645
- let data = this.post();
647
+ const isAdmin = userInfo.type === 'administrator';
648
+ let data = isAdmin ? this.post() : this.post('comment,like');
646
649
  let oldData = await this.modelInstance.select({ objectId: this.id });
647
650
 
648
- if (think.isEmpty(oldData)) {
651
+ if (think.isEmpty(oldData) || think.isEmpty(data)) {
649
652
  return this.success();
650
653
  }
651
654
 
652
655
  oldData = oldData[0];
653
- if (think.isEmpty(userInfo) || userInfo.type !== 'administrator') {
654
- if (!think.isBoolean(data.like)) {
655
- return this.success();
656
- }
657
-
656
+ if (think.isBoolean(data.like)) {
658
657
  const likeIncMax = this.config('LIKE_INC_MAX') || 1;
659
-
660
- data = {
661
- like:
662
- (Number(oldData.like) || 0) +
663
- (data.like ? Math.ceil(Math.random() * likeIncMax) : -1),
664
- };
658
+ data.like = (Number(oldData.like) || 0) +
659
+ (data.like ? Math.ceil(Math.random() * likeIncMax) : -1);
665
660
  }
666
661
 
667
662
  const preUpdateResp = await this.hook('preUpdate', {
@@ -677,22 +672,28 @@ module.exports = class extends BaseRest {
677
672
  objectId: this.id,
678
673
  });
679
674
 
675
+ let cmtUser;
676
+ if (!think.isEmpty(newData) && newData[0].user_id) {
677
+ cmtUser = await this.service(
678
+ `storage/${this.config('storage')}`,
679
+ 'Users'
680
+ ).select({
681
+ objectId: newData[0].user_id,
682
+ });
683
+ cmtUser = cmtUser[0];
684
+ }
685
+ const cmtReturn = await formatCmt(
686
+ newData[0],
687
+ cmtUser ? [cmtUser] : [],
688
+ this.config(),
689
+ userInfo
690
+ );
691
+
680
692
  if (
681
693
  oldData.status === 'waiting' &&
682
694
  data.status === 'approved' &&
683
695
  oldData.pid
684
696
  ) {
685
- let cmtUser;
686
-
687
- if (newData.user_id) {
688
- cmtUser = await this.service(
689
- `storage/${this.config('storage')}`,
690
- 'User'
691
- ).select({
692
- objectId: newData.user_id,
693
- });
694
- cmtUser = cmtUser[0];
695
- }
696
697
 
697
698
  let pComment = await this.modelInstance.select({
698
699
  objectId: oldData.pid,
@@ -705,7 +706,7 @@ module.exports = class extends BaseRest {
705
706
  if (pComment.user_id) {
706
707
  pUser = await this.service(
707
708
  `storage/${this.config('storage')}`,
708
- 'User'
709
+ 'Users'
709
710
  ).select({
710
711
  objectId: pComment.user_id,
711
712
  });
@@ -713,12 +714,6 @@ module.exports = class extends BaseRest {
713
714
  }
714
715
 
715
716
  const notify = this.service('notify');
716
- const cmtReturn = await formatCmt(
717
- newData,
718
- cmtUser ? [cmtUser] : [],
719
- this.config(),
720
- userInfo
721
- );
722
717
  const pcmtReturn = await formatCmt(
723
718
  pComment,
724
719
  pUser ? [pUser] : [],
@@ -727,7 +722,7 @@ module.exports = class extends BaseRest {
727
722
  );
728
723
 
729
724
  await notify.run(
730
- { ...cmtReturn, mail: newData.mail },
725
+ { ...cmtReturn, mail: newData[0].mail },
731
726
  { ...pcmtReturn, mail: pComment.mail },
732
727
  true
733
728
  );
@@ -735,7 +730,7 @@ module.exports = class extends BaseRest {
735
730
 
736
731
  await this.hook('postUpdate', data);
737
732
 
738
- return this.success();
733
+ return this.success(cmtReturn);
739
734
  }
740
735
 
741
736
  async deleteAction() {
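Review bot: In `putAction`, a non-admin request keeps both fields (`this.post('comment,like')`), and the like branch now assigns `data.like` instead of replacing `data` with `{ like: … }` as the removed code did, so a `comment` field sent alongside a boolean `like` stays in the update payload. The `// 1. like` branch of the logic-layer `putAction` later in this diff admits requests with no `userInfo` on the strength of a boolean `like` alone, so unless the update call (outside this hunk) filters fields, that path appears to allow changing a comment's text without being its author or an administrator. Selecting the field by intent would close it, e.g. `let data = isAdmin ? this.post() : this.post(think.isBoolean(this.post('like')) ? 'like' : 'comment');`, which also stops a non-boolean `like` from an author being stored as sent. Separately, `userInfo.type` is now read without the `think.isEmpty(userInfo)` guard the old code had; if `userInfo` can be undefined for anonymous likes this throws before the like is counted.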
@@ -1,7 +1,6 @@
1
1
  const jwt = require('jsonwebtoken');
2
2
  const fetch = require('node-fetch');
3
3
  const { PasswordHash } = require('phpass');
4
- const qs = require('querystring');
5
4
 
6
5
  module.exports = class extends think.Controller {
7
6
  constructor(ctx) {
@@ -21,16 +20,16 @@ module.exports = class extends think.Controller {
21
20
 
22
21
  if (!hasCode) {
23
22
  const { serverURL } = this.ctx;
24
- const redirectUrl = `${serverURL}/oauth?${qs.stringify({
23
+ const redirectUrl = `${serverURL}/oauth?${new URLSearchParams({
25
24
  redirect,
26
25
  type,
27
- })}`;
26
+ }).toString()}`;
28
27
 
29
28
  return this.redirect(
30
- `${oauthUrl}/${type}?${qs.stringify({
29
+ `${oauthUrl}/${type}?${new URLSearchParams({
31
30
  redirect: redirectUrl,
32
31
  state: this.ctx.state.token,
33
- })}`
32
+ }).toString()}`
34
33
  );
35
34
  }
36
35
 
@@ -41,23 +40,26 @@ module.exports = class extends think.Controller {
41
40
 
42
41
  if (type === 'facebook') {
43
42
  const { serverURL } = this.ctx;
44
- const redirectUrl = `${serverURL}/oauth?${qs.stringify({
43
+ const redirectUrl = `${serverURL}/oauth?${new URLSearchParams({
45
44
  redirect,
46
45
  type,
47
- })}`;
46
+ }).toString()}`;
48
47
 
49
- params.state = qs.stringify({
48
+ params.state = new URLSearchParams({
50
49
  redirect: redirectUrl,
51
50
  state: this.ctx.state.token || '',
52
51
  });
53
52
  }
54
53
 
55
- const user = await fetch(`${oauthUrl}/${type}?${qs.stringify(params)}`, {
56
- method: 'GET',
57
- headers: {
58
- 'user-agent': '@waline',
59
- },
60
- }).then((resp) => resp.json());
54
+ const user = await fetch(
55
+ `${oauthUrl}/${type}?${new URLSearchParams(params).toString()}`,
56
+ {
57
+ method: 'GET',
58
+ headers: {
59
+ 'user-agent': '@waline',
60
+ },
61
+ }
62
+ ).then((resp) => resp.json());
61
63
 
62
64
  if (!user || !user.id) {
63
65
  return this.fail(user);
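Review bot: `URLSearchParams` serialises an `undefined` value as the literal string `undefined`, where `qs.stringify` emitted an empty value, and in the `!hasCode` branch `state: this.ctx.state.token` has no fallback while the facebook branch uses `|| ''`. If that redirect can be reached without a token, the OAuth service would now receive `state=undefined`; `state: this.ctx.state.token || ''` keeps the previous output, and `redirect` deserves the same check if it can be absent. In the facebook branch `params.state` is left as a `URLSearchParams` object rather than a string, which works only because the later `new URLSearchParams(params)` stringifies it; adding `.toString()` there would match the other call sites.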
@@ -1,4 +1,3 @@
1
- const qs = require('querystring');
2
1
  const { PasswordHash } = require('phpass');
3
2
  const BaseRest = require('./rest');
4
3
 
@@ -82,7 +81,7 @@ module.exports = class extends BaseRest {
82
81
  const apiUrl =
83
82
  this.ctx.serverURL +
84
83
  '/verification?' +
85
- qs.stringify({ token, email: data.email });
84
+ new URLSearchParams({ token, email: data.email }).toString();
86
85
 
87
86
  await notify.transporter.sendMail({
88
87
  from:
@@ -1,18 +1,7 @@
1
1
  const Base = require('./base');
2
2
 
3
3
  module.exports = class extends Base {
4
- async __before() {
5
- await super.__before();
6
-
7
- const { type, path } = this.get();
8
- const { like } = this.post();
9
- const isAllowedGet = this.isGet && (type !== 'list' || path);
10
- const isAllowedPut = this.ctx.isMethod('PUT') && think.isBoolean(like);
11
-
12
- if (this.isPost || isAllowedGet || isAllowedPut) {
13
- return;
14
- }
15
-
4
+ checkAdmin() {
16
5
  const { userInfo } = this.ctx.state;
17
6
 
18
7
  if (think.isEmpty(userInfo)) {
@@ -116,7 +105,11 @@ module.exports = class extends Base {
116
105
  * @apiSuccess (200) {String} response.type comment login user type
117
106
  */
118
107
  getAction() {
119
- const { type } = this.get();
108
+ const { type, path } = this.get();
109
+ const isAllowedGet = type !== 'list' || path;
110
+ if (!isAllowedGet) {
111
+ this.checkAdmin();
112
+ }
120
113
 
121
114
  switch (type) {
122
115
  case 'recent':
@@ -230,17 +223,41 @@ module.exports = class extends Base {
230
223
  * @apiSuccess (200) {Number} errno 0
231
224
  * @apiSuccess (200) {String} errmsg return error message if error
232
225
  */
233
- putAction() {
226
+ async putAction() {
234
227
  const { userInfo } = this.ctx.state;
228
+ const { like } = this.post();
235
229
 
236
- if (think.isEmpty(userInfo) || userInfo.type !== 'administrator') {
230
+ // 1. like
231
+ if (think.isEmpty(userInfo) && think.isBoolean(like)) {
237
232
  this.rules = {
238
233
  like: {
239
234
  required: true,
240
235
  boolean: true,
241
236
  },
242
237
  };
238
+ return;
239
+ }
240
+
241
+ if (think.isEmpty(userInfo)) {
242
+ return this.ctx.throw(401);
243
243
  }
244
+
245
+ // 2. administrator
246
+ if (userInfo.type === 'administrator') {
247
+ return;
248
+ }
249
+
250
+ // 3. comment author modify comment content
251
+ const modelInstance = this.service(
252
+ `storage/${this.config('storage')}`,
253
+ 'Comment'
254
+ );
255
+ const commentData = await modelInstance.select({ user_id: userInfo.objectId, objectId: this.id });
256
+ if (!think.isEmpty(commentData)) {
257
+ return;
258
+ }
259
+
260
+ return this.ctx.throw(403);
244
261
  }
245
262
 
246
263
  /**
@@ -251,5 +268,25 @@ module.exports = class extends Base {
251
268
  * @apiSuccess (200) {Number} errno 0
252
269
  * @apiSuccess (200) {String} errmsg return error message if error
253
270
  */
254
- deleteAction() {}
271
+ async deleteAction() {
272
+ const { userInfo } = this.ctx.state;
273
+
274
+ if (think.isEmpty(userInfo)) {
275
+ return this.ctx.throw(401);
276
+ }
277
+
278
+ if (userInfo.type === 'administrator') {
279
+ return;
280
+ }
281
+
282
+ const modelInstance = this.service(
283
+ `storage/${this.config('storage')}`,
284
+ 'Comment'
285
+ );
286
+ const commentData = await modelInstance.select({ user_id: userInfo.objectId, objectId: this.id });
287
+ if (!think.isEmpty(commentData)) {
288
+ return;
289
+ }
290
+ return this.ctx.throw(403);
291
+ }
255
292
  };
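Review bot: The `// 1. like` branch of `putAction` is gated on `think.isEmpty(userInfo)`, so a logged-in non-admin who toggles like on someone else's comment skips it, fails the ownership lookup and gets 403, whereas the removed `__before` let any PUT with a boolean `like` through. That branch also sets a rule for `like` only and returns, so it places no restriction on other body fields, and the controller has to make sure `comment` is not accepted on that path. The ownership lookup (`modelInstance.select({ user_id: userInfo.objectId, objectId: this.id })`) is repeated verbatim in `deleteAction`; moving it into one helper on this class would keep the two authorisation checks from drifting apart. In `getAction` the result of `this.checkAdmin()` is discarded, which is only safe if `checkAdmin` (its body continues outside the hunk) rejects by throwing rather than by return value.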
@@ -67,9 +67,9 @@ module.exports = class extends Base {
67
67
  return instance.count();
68
68
  }
69
69
 
70
- instance.field([...group, 'COUNT(*) as count']);
70
+ instance.field([...group, 'COUNT(*) as count'].join(','));
71
71
  instance.group(group);
72
-
72
+
73
73
  return instance.select();
74
74
  }
75
75