@waline/vercel 1.21.0 → 1.23.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@waline/vercel",
-  "version": "1.21.0",
+  "version": "1.23.0",
   "description": "vercel server for waline comment system",
   "keywords": [
     "waline",

package/src/controller/article.js

@@ -1,6 +1,5 @@
 const BaseRest = require('./rest');
 
-// title, time, url, xid
 module.exports = class extends BaseRest {
   constructor(ctx) {
     super(ctx);
@@ -11,7 +10,7 @@ module.exports = class extends BaseRest {
   }
 
   async getAction() {
-    const { path } = this.get();
+    const { path, type } = this.get();
 
     // path is required
     if (!Array.isArray(path) || !path.length) {
@@ -21,42 +20,69 @@ module.exports = class extends BaseRest {
     const resp = await this.modelInstance.select({ url: ['IN', path] });
 
     if (think.isEmpty(resp)) {
-      return this.json(0);
-    }
+      const data = type.reduce((o, field) => {
+        o[field] = 0;
+
+        return o;
+      }, {});
 
-    if (path.length === 1) {
-      return this.json(resp[0].time);
+      return this.json(type.length === 1 ? data[type[0]] : data);
     }
 
     const respObj = resp.reduce((o, n) => {
-      o[n.url] = n.time;
+      o[n.url] = n;
 
       return o;
     }, {});
 
-    return this.json(path.map((url) => respObj[url] || 0));
+    const data = [];
+
+    for (let i = 0; i < path.length; i++) {
+      const url = path[i];
+      let counters = {};
+
+      for (let j = 0; j < type.length; j++) {
+        const field = type[j];
+
+        counters[field] =
+          respObj[url] && respObj[url][field] ? respObj[url][field] : 0;
+      }
+
+      if (type.length === 1) {
+        counters = counters[type[0]];
+      }
+      data.push(counters);
+    }
+
+    return this.json(path.length === 1 ? data[0] : data);
   }
 
   async postAction() {
-    const { path } = this.post();
+    const { path, type, action } = this.post();
     const resp = await this.modelInstance.select({ url: path });
 
     if (think.isEmpty(resp)) {
-      const time = 1;
+      if (action === 'desc') {
+        return this.json(0);
+      }
+
+      const count = 1;
 
       await this.modelInstance.add(
-        { url: path, time },
+        { url: path, [type]: count },
         { access: { read: true, write: true } }
       );
 
-      return this.json(time);
+      return this.json(count);
     }
 
     const ret = await this.modelInstance.update(
-      (counter) => ({ time: counter.time + 1 }),
+      (counter) => ({
+        [type]: action === 'desc' ? counter[type] - 1 : counter[type] + 1,
+      }),
       { objectId: ['IN', resp.map(({ objectId }) => objectId)] }
     );
 
-    return this.json(ret[0].time);
+    return this.json(ret[0][type]);
   }
 };

package/src/controller/comment.js

@@ -655,8 +655,10 @@ module.exports = class extends BaseRest {
     oldData = oldData[0];
     if (think.isBoolean(data.like)) {
       const likeIncMax = this.config('LIKE_INC_MAX') || 1;
-      data.like = (Number(oldData.like) || 0) +
-      (data.like ? Math.ceil(Math.random() * likeIncMax) : -1);
+
+      data.like =
+        (Number(oldData.like) || 0) +
+        (data.like ? Math.ceil(Math.random() * likeIncMax) : -1);
     }
 
     const preUpdateResp = await this.hook('preUpdate', {
@@ -673,6 +675,7 @@ module.exports = class extends BaseRest {
     });
 
     let cmtUser;
+
     if (!think.isEmpty(newData) && newData[0].user_id) {
       cmtUser = await this.service(
         `storage/${this.config('storage')}`,
@@ -688,13 +691,12 @@ module.exports = class extends BaseRest {
       this.config(),
       userInfo
     );
-    
+
     if (
       oldData.status === 'waiting' &&
       data.status === 'approved' &&
       oldData.pid
     ) {
-
       let pComment = await this.modelInstance.select({
         objectId: oldData.pid,
       });

package/src/controller/db.js

@@ -1,29 +1,5 @@
-const fs = require('fs');
-const util = require('util');
 const BaseRest = require('./rest');
 
-const readFileAsync = util.promisify(fs.readFile);
-
-function formatID(data, idGenerator) {
-  const objectIdMap = {};
-
-  for (let i = 0; i < data.length; i++) {
-    const { objectId } = data[i];
-
-    objectIdMap[objectId] = idGenerator(data[i], i, data);
-  }
-
-  for (let i = 0; i < data.length; i++) {
-    ['objectId', 'pid', 'rid']
-      .filter((k) => data[i][k])
-      .forEach((k) => {
-        data[i][k] = objectIdMap[data[i][k]];
-      });
-  }
-
-  return data;
-}
-
 module.exports = class extends BaseRest {
   async getAction() {
     const exportData = {
@@ -52,95 +28,41 @@ module.exports = class extends BaseRest {
   }
 
   async postAction() {
-    const file = this.file('file');
-
-    try {
-      const jsonText = await readFileAsync(file.path, 'utf-8');
-      const importData = JSON.parse(jsonText);
-
-      if (!importData || importData.type !== 'waline') {
-        return this.fail(this.locale('import data format not support!'));
-      }
-
-      const idMaps = {};
-      const storage = this.config('storage');
-
-      for (let i = 0; i < importData.tables.length; i++) {
-        const tableName = importData.tables[i];
-        const model = this.service(`storage/${storage}`, tableName);
-
-        idMaps[tableName] = new Map();
-        let data = importData.data[tableName];
-
-        if (['postgresql', 'mysql', 'sqlite'].includes(storage)) {
-          let i = 0;
-
-          data = formatID(data, () => (i = i + 1));
-          await model.setSeqId(1);
-        }
-
-        if (storage === 'leancloud' || storage === 'mysql') {
-          data.forEach((item) => {
-            item.insertedAt && (item.insertedAt = new Date(item.insertedAt));
-            item.createdAt && (item.createdAt = new Date(item.createdAt));
-            item.updatedAt && (item.updatedAt = new Date(item.updatedAt));
-          });
-        }
-
-        // delete all data at first
-        await model.delete({});
-        // then add data one by one
-        for (let j = 0; j < data.length; j++) {
-          const ret = await model.add(data[j]);
+    const { table } = this.get();
+    const item = this.post();
+    const storage = this.config('storage');
+    const model = this.service(`storage/${storage}`, table);
+
+    if (storage === 'leancloud' || storage === 'mysql') {
+      item.insertedAt && (item.insertedAt = new Date(item.insertedAt));
+      item.createdAt && (item.createdAt = new Date(item.createdAt));
+      item.updatedAt && (item.updatedAt = new Date(item.updatedAt));
+    }
 
-          idMaps[tableName].set(data[j].objectId, ret.objectId);
-        }
-      }
+    delete item.objectId;
+    const resp = await model.add(item);
 
-      const cmtModel = this.service(`storage/${storage}`, 'Comment');
-      const commentData = importData.data.Comment;
-      const willUpdateData = [];
+    return this.success(resp);
+  }
 
-      for (let i = 0; i < commentData.length; i++) {
-        const cmt = commentData[i];
-        const willUpdateItem = {};
+  async putAction() {
+    const { table, objectId } = this.get();
+    const data = this.post();
+    const storage = this.config('storage');
+    const model = this.service(`storage/${storage}`, table);
 
-        [
-          { tableName: 'Comment', field: 'pid' },
-          { tableName: 'Comment', field: 'rid' },
-          { tableName: 'Users', field: 'user_id' },
-        ].forEach(({ tableName, field }) => {
-          if (!cmt[field]) {
-            return;
-          }
-          const oldId = cmt[field];
-          const newId = idMaps[tableName].get(cmt[field]);
+    await model.update(data, { objectId });
 
-          if (oldId && newId && oldId !== newId) {
-            willUpdateItem[field] = newId;
-          }
-        });
-        if (!think.isEmpty(willUpdateItem)) {
-          willUpdateData.push([
-            willUpdateItem,
-            { objectId: idMaps.Comment.get(cmt.objectId) },
-          ]);
-        }
-      }
-      for (let i = 0; i < willUpdateData.length; i++) {
-        const [data, where] = willUpdateData[i];
+    return this.success();
+  }
 
-        await cmtModel.update(data, where);
-      }
+  async deleteAction() {
+    const { table } = this.get();
+    const storage = this.config('storage');
+    const model = this.service(`storage/${storage}`, table);
 
-      return this.success();
-    } catch (e) {
-      if (think.isPrevent(e)) {
-        return this.success();
-      }
-      console.log(e);
+    await model.delete({});
 
-      return this.fail(e.message);
-    }
+    return this.success();
   }
 };

package/src/controller/index.js

@@ -26,7 +26,8 @@ module.exports = class extends think.Controller {
           el: '#waline',
           path: params.get('path') || '/',
           lang: params.get('lng'),
-          serverURL: location.protocol + '//' + location.host + location.pathname.replace(/\\/+$/, '')
+          serverURL: location.protocol + '//' + location.host + location.pathname.replace(/\\/+$/, ''),
+          recaptchaV3Key: '${process.env.RECAPTCHA_V3_KEY || ''}',
         });
       </script>
     </body>

package/src/logic/article.js

@@ -4,6 +4,24 @@ module.exports = class extends Base {
   getAction() {
     this.rules = {
       path: { array: true },
+      type: { array: true, default: ['time'] },
+    };
+  }
+
+  postAction() {
+    this.rules = {
+      path: {
+        string: true,
+      },
+      type: {
+        string: true,
+        default: 'time',
+      },
+      action: {
+        string: true,
+        in: ['inc', 'desc'],
+        default: 'inc',
+      }
     };
   }
 };

package/src/logic/base.js

@@ -1,4 +1,6 @@
 const path = require('path');
+const qs = require('querystring');
+const fetch = require('node-fetch');
 const jwt = require('jsonwebtoken');
 const helper = require('think-helper');
 
@@ -122,4 +124,35 @@ module.exports = class extends think.Logic {
 
     return '';
   }
+
+  async useCaptchaCheck() {
+    const { RECAPTCHA_V3_SECRET } = process.env;
+
+    if (!RECAPTCHA_V3_SECRET) {
+      return;
+    }
+    const { recaptchaV3 } = this.post();
+
+    if (!recaptchaV3) {
+      return this.ctx.throw(403);
+    }
+
+    const query = qs.stringify({
+      secret: RECAPTCHA_V3_SECRET,
+      response: recaptchaV3,
+      remoteip: this.ctx.ip,
+    });
+    const recaptchaV3Result = await fetch(
+      `https://recaptcha.net/recaptcha/api/siteverify?${query}`
+    ).then((resp) => resp.json());
+
+    if (!recaptchaV3Result.success) {
+      think.logger.debug(
+        'RecaptchaV3 Result:',
+        JSON.stringify(recaptchaV3Result, null, '\t')
+      );
+
+      return this.ctx.throw(403);
+    }
+  }
 };

package/src/logic/comment.js

@@ -107,6 +107,7 @@ module.exports = class extends Base {
   getAction() {
     const { type, path } = this.get();
     const isAllowedGet = type !== 'list' || path;
+
     if (!isAllowedGet) {
       this.checkAdmin();
     }
@@ -199,13 +200,19 @@ module.exports = class extends Base {
    * @apiSuccess  (200) {String}  data.avatar comment user avatar
    * @apiSuccess  (200) {String}  data.type comment login user type
    */
-  postAction() {
+  async postAction() {
     const { LOGIN } = process.env;
     const { userInfo } = this.ctx.state;
 
-    if (LOGIN === 'force' && think.isEmpty(userInfo)) {
+    if (!think.isEmpty(userInfo)) {
+      return;
+    }
+
+    if (LOGIN === 'force') {
       return this.ctx.throw(401);
     }
+
+    return this.useCaptchaCheck();
   }
 
   /**
@@ -235,6 +242,7 @@ module.exports = class extends Base {
           boolean: true,
         },
       };
+
       return;
     }
 
@@ -252,11 +260,15 @@ module.exports = class extends Base {
       `storage/${this.config('storage')}`,
       'Comment'
     );
-    const commentData = await modelInstance.select({ user_id: userInfo.objectId, objectId: this.id });
+    const commentData = await modelInstance.select({
+      user_id: userInfo.objectId,
+      objectId: this.id,
+    });
+
     if (!think.isEmpty(commentData)) {
       return;
     }
-    
+
     return this.ctx.throw(403);
   }
 
@@ -283,10 +295,15 @@ module.exports = class extends Base {
       `storage/${this.config('storage')}`,
       'Comment'
     );
-    const commentData = await modelInstance.select({ user_id: userInfo.objectId, objectId: this.id });
+    const commentData = await modelInstance.select({
+      user_id: userInfo.objectId,
+      objectId: this.id,
+    });
+
     if (!think.isEmpty(commentData)) {
       return;
     }
+
     return this.ctx.throw(403);
   }
 };

package/src/logic/db.js

@@ -23,9 +23,51 @@ module.exports = class extends Base {
   async getAction() {}
 
   /**
-   * @api {GET} /db import site data
+   * @api {POST} /db import site data
    * @apiGroup Site
    * @apiVersion  0.0.1
    */
-  async postAction() {}
+  async postAction() {
+    this.rules = {
+      table: {
+        string: true,
+        required: true,
+        method: 'GET',
+      },
+    };
+  }
+
+  /**
+   * @api {PUT} /db update site table data
+   * @apiGroup Site
+   * @apiVersion  0.0.1
+   */
+  async putAction() {
+    this.rules = {
+      table: {
+        string: true,
+        required: true,
+        method: 'GET',
+      },
+      objectId: {
+        required: true,
+        method: 'GET',
+      },
+    };
+  }
+
+  /**
+   * @api {DELETE} /db clean site data
+   * @apiGroup Site
+   * @apiVersion  0.0.1
+   */
+  async deleteAction() {
+    this.rules = {
+      table: {
+        string: true,
+        required: true,
+        method: 'GET',
+      },
+    };
+  }
 };

package/src/logic/token.js

@@ -32,7 +32,9 @@ module.exports = class extends Base {
    * @apiSuccess  (200) {Number}  errno 0
    * @apiSuccess  (200) {String}  errmsg  return error message if error
    */
-  postAction() {}
+  postAction() {
+    return this.useCaptchaCheck();
+  }
 
   /**
    * @api {DELETE} /token  user logout

package/src/logic/user.js

@@ -33,7 +33,9 @@ module.exports = class extends Base {
    * @apiSuccess  (200) {Number}  errno 0
    * @apiSuccess  (200) {String}  errmsg  return error message if error
    */
-  postAction() {}
+  postAction() {
+    return this.useCaptchaCheck();
+  }
 
   /**
    * @api {PUT} /user update user profile

package/src/middleware/dashboard.js

@@ -12,6 +12,7 @@ module.exports = function () {
     <script>
     window.SITE_URL = ${JSON.stringify(process.env.SITE_URL)};
     window.SITE_NAME = ${JSON.stringify(process.env.SITE_NAME)};
+    window.recaptchaV3Key = ${JSON.stringify(process.env.RECAPTCHA_V3_KEY)};
     </script>
     <script src="${
       process.env.WALINE_ADMIN_MODULE_ASSET_URL || '//unpkg.com/@waline/admin'

package/src/service/storage/mysql.js

@@ -69,7 +69,7 @@ module.exports = class extends Base {
 
     instance.field([...group, 'COUNT(*) as count'].join(','));
     instance.group(group);
-    
+
     return instance.select();
   }
 
@@ -79,10 +79,9 @@ module.exports = class extends Base {
       delete data.objectId;
     }
     const date = new Date();
-    if (!data.createdAt)
-      data.createdAt = date;
-    if (!data.updatedAt)
-      data.updatedAt = date;
+
+    if (!data.createdAt) data.createdAt = date;
+    if (!data.updatedAt) data.updatedAt = date;
 
     const instance = this.model(this.tableName);
     const id = await instance.add(data);