@waline/vercel 1.26.3 → 1.26.4

package/dist/src/logic/base.js

@@ -0,0 +1,164 @@
+const path = require('path');
+const qs = require('querystring');
+const fetch = require('node-fetch');
+const jwt = require('jsonwebtoken');
+const helper = require('think-helper');
+
+module.exports = class extends think.Logic {
+  constructor(...args) {
+    super(...args);
+    this.modelInstance = this.service(
+      `storage/${this.config('storage')}`,
+      'Users'
+    );
+    this.resource = this.getResource();
+    this.id = this.getId();
+  }
+
+  async __before() {
+    const referrer = this.ctx.referrer(true);
+    let { secureDomains } = this.config();
+
+    if (secureDomains && referrer && this.ctx.host.indexOf(referrer) !== 0) {
+      secureDomains = think.isArray(secureDomains)
+        ? secureDomains
+        : [secureDomains];
+      secureDomains.push(
+        'localhost',
+        '127.0.0.1',
+        'github.com',
+        'api.twitter.com',
+        'www.facebook.com'
+      );
+
+      const match = secureDomains.some((domain) =>
+        think.isFunction(domain.test)
+          ? domain.test(referrer)
+          : domain === referrer
+      );
+
+      if (!match) {
+        return this.ctx.throw(403);
+      }
+    }
+
+    this.ctx.state.userInfo = {};
+    const { authorization } = this.ctx.req.headers;
+    const { state } = this.get();
+
+    if (!authorization && !state) {
+      return;
+    }
+    const token = state || authorization.replace(/^Bearer /, '');
+    let userMail = '';
+
+    try {
+      userMail = jwt.verify(token, think.config('jwtKey'));
+    } catch (e) {
+      think.logger.debug(e);
+    }
+
+    if (think.isEmpty(userMail) || !think.isString(userMail)) {
+      return;
+    }
+
+    const user = await this.modelInstance.select(
+      { email: userMail },
+      {
+        field: [
+          'id',
+          'email',
+          'url',
+          'display_name',
+          'type',
+          'github',
+          'twitter',
+          'facebook',
+          'google',
+          'weibo',
+          'qq',
+          'avatar',
+          '2fa',
+          'label',
+        ],
+      }
+    );
+
+    if (think.isEmpty(user)) {
+      return;
+    }
+
+    const userInfo = user[0];
+
+    let avatarUrl = userInfo.avatar
+      ? userInfo.avatar
+      : await think.service('avatar').stringify({
+          mail: userInfo.email,
+          nick: userInfo.display_name,
+          link: userInfo.url,
+        });
+    const { avatarProxy } = think.config();
+
+    if (avatarProxy) {
+      avatarUrl = avatarProxy + '?url=' + encodeURIComponent(avatarUrl);
+    }
+    userInfo.avatar = avatarUrl;
+    userInfo.mailMd5 = helper.md5(userInfo.email);
+    this.ctx.state.userInfo = userInfo;
+    this.ctx.state.token = token;
+  }
+
+  getResource() {
+    const filename = this.__filename || __filename;
+    const last = filename.lastIndexOf(path.sep);
+
+    return filename.substr(last + 1, filename.length - last - 4);
+  }
+
+  getId() {
+    const id = this.get('id');
+
+    if (id && (think.isString(id) || think.isNumber(id))) {
+      return id;
+    }
+
+    const last = decodeURIComponent(this.ctx.path.split('/').pop());
+
+    if (last !== this.resource && /^([a-z0-9]+,?)*$/i.test(last)) {
+      return last;
+    }
+
+    return '';
+  }
+
+  async useCaptchaCheck() {
+    const { RECAPTCHA_V3_SECRET } = process.env;
+
+    if (!RECAPTCHA_V3_SECRET) {
+      return;
+    }
+    const { recaptchaV3 } = this.post();
+
+    if (!recaptchaV3) {
+      return this.ctx.throw(403);
+    }
+
+    const query = qs.stringify({
+      secret: RECAPTCHA_V3_SECRET,
+      response: recaptchaV3,
+      remoteip: this.ctx.ip,
+    });
+    const recaptchaV3Result = await fetch(
+      `https://recaptcha.net/recaptcha/api/siteverify?${query}`
+    ).then((resp) => resp.json());
+
+    if (!recaptchaV3Result.success) {
+      think.logger.debug(
+        'RecaptchaV3 Result:',
+        JSON.stringify(recaptchaV3Result, null, '\t')
+      );
+
+      return this.ctx.throw(403);
+    }
+  }
+};

package/dist/src/logic/comment.js

@@ -0,0 +1,317 @@
+const Base = require('./base');
+
+module.exports = class extends Base {
+  checkAdmin() {
+    const { userInfo } = this.ctx.state;
+
+    if (think.isEmpty(userInfo)) {
+      return this.ctx.throw(401);
+    }
+
+    if (userInfo.type !== 'administrator') {
+      return this.ctx.throw(403);
+    }
+  }
+
+  /**
+   * @api {GET} /comment Get comment list for client
+   * @apiGroup Comment
+   * @apiVersion  0.0.1
+   *
+   * @apiParam  {String}  path  comment url path
+   * @apiParam  {String}  page  page
+   * @apiParam  {String}  pageSize  page size
+   * @apiParam  {String}  sortBy  comment sort type, one of 'insertedAt_desc', 'insertedAt_asc', 'like_desc'
+   * @apiParam  {String}  lang  language
+   *
+   * @apiSuccess  (200) {Number}  page return current comments list page
+   * @apiSuccess  (200) {Number}  pageSize  to  return error message if error
+   * @apiSuccess  (200) {Object[]}  data  comments list
+   * @apiSuccess  (200) {String}  data.nick comment user nick name
+   * @apiSuccess  (200) {String}  data.mail comment user mail md5
+   * @apiSuccess  (200) {String}  data.link comment user link
+   * @apiSuccess  (200) {String}  data.objectId comment id
+   * @apiSuccess  (200) {String}  data.browser comment user browser
+   * @apiSuccess  (200) {String}  data.os comment user os
+   * @apiSuccess  (200) {String}  data.insertedAt comment created time
+   * @apiSuccess  (200) {String}  data.avatar comment user avatar
+   * @apiSuccess  (200) {String}  data.type comment login user type
+   * @apiSuccess  (200) {Object[]}  data.children children comments list
+   * @apiSuccess  (200) {String}  data.children.nick comment user nick name
+   * @apiSuccess  (200) {String}  data.children.mail comment user mail md5
+   * @apiSuccess  (200) {String}  data.children.link comment user link
+   * @apiSuccess  (200) {String}  data.children.objectId comment id
+   * @apiSuccess  (200) {String}  data.children.browser comment user browser
+   * @apiSuccess  (200) {String}  data.children.os comment user os
+   * @apiSuccess  (200) {String}  data.children.insertedAt comment created time
+   * @apiSuccess  (200) {String}  data.children.avatar comment user avatar
+   * @apiSuccess  (200) {String}  data.children.type comment login user type
+   */
+  /**
+   * @api {GET} /comment?type=list Get comment list for admin
+   * @apiGroup Comment
+   * @apiVersion  0.0.1
+   *
+   * @apiParam  {String}  page  page
+   * @apiParam  {String}  pageSize  page size
+   * @apiParam  {String}  lang  language
+   *
+   * @apiSuccess  (200) {Number}  errno 0
+   * @apiSuccess  (200) {String}  errmsg  return error message if error
+   * @apiSuccess  (200) {Object}  data
+   * @apiSuccess  (200) {Number}  data.page comments list current page
+   * @apiSuccess  (200) {Number}  data.pageSize comments list page size
+   * @apiSuccess  (200) {Number}  data.totalPages comments list total pages
+   * @apiSuccess  (200) {Number}  data.spamCount spam comments count
+   * @apiSuccess  (200) {Number}  data.waitingCount waiting comments count
+   * @apiSuccess  (200) {Object[]}  data.data comments list data
+   * @apiSuccess  (200) {String}  data.data.ip comment user ip address
+   * @apiSuccess  (200) {String}  data.data.nick comment user nick name
+   * @apiSuccess  (200) {String}  data.data.mail comment user mail md5
+   * @apiSuccess  (200) {String}  data.data.link comment user link
+   * @apiSuccess  (200) {String}  data.data.objectId comment id
+   * @apiSuccess  (200) {String}  data.data.status comment status, approved, waiting or spam
+   * @apiSuccess  (200) {String}  data.data.ua  comment user agent
+   * @apiSuccess  (200) {String}  data.data.insertedAt comment created time
+   * @apiSuccess  (200) {String}  data.data.avatar comment user avatar
+   * @apiSuccess  (200) {String}  data.data.url comment article link
+   */
+  /**
+   * @api {GET} /comment?type=count Get comment count for articles
+   * @apiGroup Comment
+   * @apiVersion  0.0.1
+   *
+   * @apiParam  {String}  url a array string join by comma just like `a` or `a,b`, return site comment count if url empty
+   * @apiParam  {String}  lang  language
+   *
+   * @apiSuccessExample {Number} Single Path Response:
+   * 300
+   * @apiSuccessExample {Number} Multiple Path Response:
+   * [300, 100]
+   */
+  /**
+   * @api {GET} /comment?type=recent Get recent comments
+   * @apiGroup Comment
+   * @apiVersion  0.0.1
+   *
+   * @apiParam  {String}  count return comments number, default value is 10
+   * @apiParam  {String}  lang  language
+   *
+   * @apiSuccess  (200) {Object[]} response
+   * @apiSuccess  (200) {String}  response.nick comment user nick name
+   * @apiSuccess  (200) {String}  response.mail comment user mail md5
+   * @apiSuccess  (200) {String}  response.link comment user link
+   * @apiSuccess  (200) {String}  response.objectId comment id
+   * @apiSuccess  (200) {String}  response.browser comment user browser
+   * @apiSuccess  (200) {String}  response.os comment user os
+   * @apiSuccess  (200) {String}  response.insertedAt comment created time
+   * @apiSuccess  (200) {String}  response.avatar comment user avatar
+   * @apiSuccess  (200) {String}  response.type comment login user type
+   */
+  getAction() {
+    const { type, path } = this.get();
+    const isAllowedGet = type !== 'list' || path;
+
+    if (!isAllowedGet) {
+      this.checkAdmin();
+    }
+
+    switch (type) {
+      case 'recent':
+        this.rules = {
+          count: {
+            int: { max: 50 },
+            default: 10,
+          },
+        };
+        break;
+
+      case 'count':
+        this.rules = {
+          url: {
+            array: true,
+          },
+        };
+        break;
+
+      case 'list': {
+        const { userInfo } = this.ctx.state;
+
+        if (userInfo.type !== 'administrator') {
+          return this.fail();
+        }
+        this.rules = {
+          page: {
+            int: true,
+            default: 1,
+          },
+          pageSize: {
+            int: { max: 100 },
+            default: 10,
+          },
+        };
+        break;
+      }
+
+      default:
+        this.rules = {
+          path: {
+            string: true,
+            required: true,
+          },
+          page: {
+            int: true,
+            default: 1,
+          },
+          pageSize: {
+            int: { max: 100 },
+            default: 10,
+          },
+          sortBy: {
+            in: ['insertedAt_desc', 'insertedAt_asc', 'like_desc'],
+            default: 'insertedAt_desc',
+          },
+        };
+        break;
+    }
+  }
+
+  /**
+   * @api {POST} /comment post comment
+   * @apiGroup Comment
+   * @apiVersion  0.0.1
+   *
+   * @apiParam  {String}  nick post comment user nick name
+   * @apiParam  {String}  mail  post comment user mail address
+   * @apiParam  {String}  link  post comment user link
+   * @apiParam  {String}  comment  post comment text
+   * @apiParam  {String}  url  the article url path of comment
+   * @apiParam  {String}  ua  browser user agent
+   * @apiParam  {String}  pid parent comment id
+   * @apiParam  {String}  rid root comment id
+   * @apiParam  {String}  at  parent comment user nick name
+   * @apiParam  {String}  lang  language
+   *
+   * @apiSuccess  (200) {Number}  errno 0
+   * @apiSuccess  (200) {String}  errmsg  return error message if error
+   * @apiSuccess  (200) {Object}  data  return comment data
+   * @apiSuccess  (200) {String}  data.nick comment user nick name
+   * @apiSuccess  (200) {String}  data.mail comment user mail md5
+   * @apiSuccess  (200) {String}  data.link comment user link
+   * @apiSuccess  (200) {String}  data.objectId comment id
+   * @apiSuccess  (200) {String}  data.browser comment user browser
+   * @apiSuccess  (200) {String}  data.os comment user os
+   * @apiSuccess  (200) {String}  data.insertedAt comment created time
+   * @apiSuccess  (200) {String}  data.avatar comment user avatar
+   * @apiSuccess  (200) {String}  data.type comment login user type
+   */
+  async postAction() {
+    const { LOGIN } = process.env;
+    const { userInfo } = this.ctx.state;
+
+    if (!think.isEmpty(userInfo)) {
+      return;
+    }
+
+    if (LOGIN === 'force') {
+      return this.ctx.throw(401);
+    }
+
+    return this.useCaptchaCheck();
+  }
+
+  /**
+   * @api {PUT} /comment/:id update comment data
+   * @apiGroup Comment
+   * @apiVersion  0.0.1
+   *
+   * @apiParam  {String}  [nick] post comment user nick name
+   * @apiParam  {String}  [mail]  post comment user mail address
+   * @apiParam  {String}  [link]  post comment user link
+   * @apiParam  {String}  [comment]  post comment text
+   * @apiParam  {String}  [url]  the article url path of comment
+   * @apiParam  {Boolean} [like] like comment
+   * @apiParam  {String}  lang  language
+   *
+   * @apiSuccess  (200) {Number}  errno 0
+   * @apiSuccess  (200) {String}  errmsg  return error message if error
+   */
+  async putAction() {
+    const { userInfo } = this.ctx.state;
+    const { like } = this.post();
+
+    // 1. like
+    if (think.isEmpty(userInfo) && think.isBoolean(like)) {
+      this.rules = {
+        like: {
+          required: true,
+          boolean: true,
+        },
+      };
+
+      return;
+    }
+
+    if (think.isEmpty(userInfo)) {
+      return this.ctx.throw(401);
+    }
+
+    // 2. administrator
+    if (userInfo.type === 'administrator') {
+      return;
+    }
+
+    // 3. comment author modify comment content
+    const modelInstance = this.service(
+      `storage/${this.config('storage')}`,
+      'Comment'
+    );
+    const commentData = await modelInstance.select({
+      user_id: userInfo.objectId,
+      objectId: this.id,
+    });
+
+    if (!think.isEmpty(commentData)) {
+      return;
+    }
+
+    return this.ctx.throw(403);
+  }
+
+  /**
+   * @api {DELETE} /comment/:id delete comment
+   * @apiGroup Comment
+   * @apiVersion  0.0.1
+   *
+   * @apiParam  {String}  lang  language
+   *
+   * @apiSuccess  (200) {Number}  errno 0
+   * @apiSuccess  (200) {String}  errmsg  return error message if error
+   */
+  async deleteAction() {
+    const { userInfo } = this.ctx.state;
+
+    if (think.isEmpty(userInfo)) {
+      return this.ctx.throw(401);
+    }
+
+    if (userInfo.type === 'administrator') {
+      return;
+    }
+
+    const modelInstance = this.service(
+      `storage/${this.config('storage')}`,
+      'Comment'
+    );
+    const commentData = await modelInstance.select({
+      user_id: userInfo.objectId,
+      objectId: this.id,
+    });
+
+    if (!think.isEmpty(commentData)) {
+      return;
+    }
+
+    return this.ctx.throw(403);
+  }
+};

package/dist/src/logic/db.js

@@ -0,0 +1,81 @@
+const Base = require('./base');
+
+module.exports = class extends Base {
+  async __before(...args) {
+    await super.__before(...args);
+
+    const { userInfo } = this.ctx.state;
+
+    if (think.isEmpty(userInfo)) {
+      return this.fail(401);
+    }
+
+    if (userInfo.type !== 'administrator') {
+      return this.fail(403);
+    }
+  }
+
+  /**
+   * @api {GET} /db export site data
+   * @apiGroup Site
+   * @apiVersion  0.0.1
+   *
+   * @apiParam  {String}  lang  language
+   */
+  async getAction() {}
+
+  /**
+   * @api {POST} /db import site data
+   * @apiGroup Site
+   * @apiVersion  0.0.1
+   *
+   * @apiParam  {String}  lang  language
+   */
+  async postAction() {
+    this.rules = {
+      table: {
+        string: true,
+        required: true,
+        method: 'GET',
+      },
+    };
+  }
+
+  /**
+   * @api {PUT} /db update site table data
+   * @apiGroup Site
+   * @apiVersion  0.0.1
+   *
+   * @apiParam  {String}  lang  language
+   */
+  async putAction() {
+    this.rules = {
+      table: {
+        string: true,
+        required: true,
+        method: 'GET',
+      },
+      objectId: {
+        required: true,
+        method: 'GET',
+      },
+    };
+  }
+
+  /**
+   * @api {DELETE} /db clean site data
+   * @apiGroup Site
+   * @apiVersion  0.0.1
+   *
+   * @apiParam  {String}  lang  language
+   */
+  async deleteAction() {
+    this.rules = {
+      table: {
+        string: true,
+        required: true,
+        method: 'GET',
+      },
+    };
+  }
+};

package/dist/src/logic/oauth.js

@@ -0,0 +1,10 @@
+const Base = require('./base');
+
+module.exports = class extends Base {
+  /**
+   * @api {GET} /oauth oauth api
+   * @apiGroup  OAuth
+   * @apiVersion  0.0.1
+   */
+  indexAction() {}
+};

package/dist/src/logic/token/2fa.js

@@ -0,0 +1,28 @@
+const Base = require('../base');
+
+module.exports = class extends Base {
+  async getAction() {
+    const { email } = this.get();
+    const { userInfo } = this.ctx.state;
+
+    if (think.isEmpty(userInfo) && !email) {
+      return this.fail(401);
+    }
+  }
+
+  async postAction() {
+    const { userInfo } = this.ctx.state;
+
+    if (think.isEmpty(userInfo)) {
+      return this.fail(401);
+    }
+
+    this.rules = {
+      code: {
+        required: true,
+        string: true,
+        length: 6,
+      },
+    };
+  }
+};

package/dist/src/logic/token.js

@@ -0,0 +1,53 @@
+const Base = require('./base');
+
+module.exports = class extends Base {
+  /**
+   * @api {GET} /token  get login user info
+   * @apiGroup User
+   * @apiVersion  0.0.1
+   *
+   * @apiParam  {String}  lang  language
+   *
+   * @apiSuccess  (200) {Number}  errno 0
+   * @apiSuccess  (200) {String}  errmsg  return error message if error
+   * @apiSuccess  (200) {Object}  data user info
+   * @apiSuccess  (200) {String}  data.avatar user avatar
+   * @apiSuccess  (200) {String}  data.createdAt user register time
+   * @apiSuccess  (200) {String}  data.display_name user nick name
+   * @apiSuccess  (200) {String}  data.email user email address
+   * @apiSuccess  (200) {String}  data.github user github account name
+   * @apiSuccess  (200) {String}  data.mailMd5 user mail md5
+   * @apiSuccess  (200) {String}  data.objectId user id
+   * @apiSuccess  (200) {String}  data.type user type, administrator or guest
+   * @apiSuccess  (200) {String}  data.url user link
+   */
+  getAction() {}
+
+  /**
+   * @api {POST} /token user login
+   * @apiGroup User
+   * @apiVersion  0.0.1
+   *
+   * @apiParam  {String}  email login user email
+   * @apiParam  {String}  password login user password
+   * @apiParam  {String}  lang  language
+   *
+   * @apiSuccess  (200) {Number}  errno 0
+   * @apiSuccess  (200) {String}  errmsg  return error message if error
+   */
+  postAction() {
+    return this.useCaptchaCheck();
+  }
+
+  /**
+   * @api {DELETE} /token  user logout
+   * @apiGroup User
+   * @apiVersion  0.0.1
+   *
+   * @apiParam  {String}  lang  language
+   *
+   * @apiSuccess  (200) {Number}  errno 0
+   * @apiSuccess  (200) {String}  errmsg  return error message if error
+   */
+  deleteAction() {}
+};

package/dist/src/logic/user/password.js

@@ -0,0 +1,11 @@
+const Base = require('../base');
+
+module.exports = class extends Base {
+  async putAction() {
+    this.rules = {
+      email: {
+        required: true,
+      },
+    };
+  }
+};