@waline/vercel 1.26.3 → 1.26.4

package/dist/src/logic/user.js

@@ -0,0 +1,117 @@
+const Base = require('./base');
+
+module.exports = class extends Base {
+  /**
+   * @api {GET} /user user top list without admin
+   * @apiGroup User
+   * @apiVersion  0.0.1
+   *
+   * @apiParam  {String}  pageSize  page size
+   * @apiParam  {String}  lang  language
+   *
+   * @apiSuccess  (200) {Number}  errno 0
+   * @apiSuccess  (200) {String}  errmsg  return error message if error
+   * @apiSuccess  (200) {Object[]}  data  user list
+   * @apiSuccess  (200) {String}  data.nick comment user nick name
+   * @apiSuccess  (200) {String}  data.link comment user link
+   * @apiSuccess  (200) {String}  data.avatar comment user avatar
+   * @apiSuccess  (200) {String}  data.level comment user level
+   * @apiSuccess  (200) {String}  data.count user comment count
+   */
+  /**
+   * @api {GET} /user?token user list with admin login
+   * @apiGroup User
+   * @apiVersion  0.0.1
+   *
+   * @apiParam  {String}  page  page
+   * @apiParam  {String}  pageSize  page size
+   * @apiParam  {String}  lang  language
+   *
+   * @apiSuccess  (200) {Number}  errno 0
+   * @apiSuccess  (200) {String}  errmsg  return error message if error
+   * @apiSuccess  (200) {Object}  data  user list
+   * @apiSuccess  (200) {Number}  data.page user list current page
+   * @apiSuccess  (200) {Number}  data.pageSize user list page size
+   * @apiSuccess  (200) {Number}  data.totalPages user list total pages
+   * @apiSuccess  (200) {Object[]}  data.data user list data
+   * @apiSuccess  (200) {String}  data.data.nick comment user nick name
+   * @apiSuccess  (200) {String}  data.data.link comment user link
+   * @apiSuccess  (200) {String}  data.data.avatar comment user avatar
+   * @apiSuccess  (200) {String}  data.data.level comment user level
+   * @apiSuccess  (200) {String}  data.data.label comment user label
+   */
+  getAction() {
+    const { userInfo } = this.ctx.state;
+
+    if (think.isEmpty(userInfo) || userInfo.type !== 'administrator') {
+      this.rules = {
+        pageSize: {
+          int: { max: 50 },
+          default: 20,
+        },
+      };
+
+      return;
+    }
+
+    this.rules = {
+      page: {
+        int: true,
+        default: 1,
+      },
+      pageSize: {
+        int: { max: 100 },
+        default: 10,
+      },
+      email: {
+        string: true,
+      },
+    };
+  }
+
+  /**
+   * @api {POST} /user user register
+   * @apiGroup User
+   * @apiVersion  0.0.1
+   *
+   * @apiParam  {String}  display_name  user nick name
+   * @apiParam  {String}  email user email
+   * @apiParam  {String}  password user password
+   * @apiParam  {String}  url user link
+   * @apiParam  {String}  lang  language
+   *
+   * @apiSuccess  (200) {Number}  errno 0
+   * @apiSuccess  (200) {String}  errmsg  return error message if error
+   */
+  postAction() {
+    return this.useCaptchaCheck();
+  }
+
+  /**
+   * @api {PUT} /user update user profile
+   * @apiGroup User
+   * @apiVersion  0.0.1
+   *
+   * @apiParam  {String}  [display_name]  user new nick name
+   * @apiParam  {String}  [url] user new link
+   * @apiParam  {String}  [password] user new password
+   * @apiParam  {String}  [github] user github account name
+   * @apiParam  {String}  lang  language
+   *
+   * @apiSuccess  (200) {Number}  errno 0
+   * @apiSuccess  (200) {String}  errmsg  return error message if error
+   */
+  putAction() {
+    // you need login to update yourself profile
+    const { userInfo } = this.ctx.state;
+
+    if (think.isEmpty(userInfo)) {
+      return this.fail();
+    }
+
+    // you should be a administrator to update others info
+    if (this.id && userInfo.type !== 'administrator') {
+      return this.fail();
+    }
+  }
+};

package/dist/src/middleware/dashboard.js

@@ -0,0 +1,23 @@
+module.exports = function () {
+  return (ctx) => {
+    ctx.type = 'html';
+    ctx.body = `<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <title>Waline Management System</title>
+    <meta name="viewport" content="width=device-width,initial-scale=1">
+  </head>
+  <body>
+    <script>
+    window.SITE_URL = ${JSON.stringify(process.env.SITE_URL)};
+    window.SITE_NAME = ${JSON.stringify(process.env.SITE_NAME)};
+    window.recaptchaV3Key = ${JSON.stringify(process.env.RECAPTCHA_V3_KEY)};
+    </script>
+    <script src="${
+      process.env.WALINE_ADMIN_MODULE_ASSET_URL || '//unpkg.com/@waline/admin'
+    }"></script>
+  </body>
+</html>`;
+  };
+};

package/dist/src/middleware/version.js

@@ -0,0 +1,6 @@
+const pkg = require('../../package.json');
+
+module.exports = () => async (ctx, next) => {
+  ctx.set('x-waline-version', pkg.version);
+  await next();
+};

package/dist/src/service/akismet.js

@@ -0,0 +1,41 @@
+const Akismet = require('akismet');
+const DEFAULT_KEY = '70542d86693e';
+
+module.exports = function (comment, blog) {
+  let { AKISMET_KEY, SITE_URL } = process.env;
+
+  if (!AKISMET_KEY) {
+    AKISMET_KEY = DEFAULT_KEY;
+  }
+
+  if (AKISMET_KEY.toLowerCase() === 'false') {
+    return Promise.resolve(false);
+  }
+
+  return new Promise(function (resolve, reject) {
+    const akismet = Akismet.client({ blog, apiKey: AKISMET_KEY });
+
+    akismet.verifyKey(function (err, verifyKey) {
+      if (err) {
+        return reject(err);
+      } else if (!verifyKey) {
+        return reject(new Error('Akismet API_KEY verify failed!'));
+      }
+
+      akismet.checkComment(
+        {
+          user_ip: comment.ip,
+          permalink: SITE_URL + comment.url,
+          comment_author: comment.nick,
+          comment_content: comment.comment,
+        },
+        function (err, spam) {
+          if (err) {
+            return reject(err);
+          }
+          resolve(spam);
+        }
+      );
+    });
+  });
+};

package/dist/src/service/avatar.js

@@ -0,0 +1,35 @@
+const nunjucks = require('nunjucks');
+const helper = require('think-helper');
+const { GRAVATAR_STR } = process.env;
+
+const env = new nunjucks.Environment();
+
+env.addFilter('md5', (str) => helper.md5(str));
+
+const DEFAULT_GRAVATAR_STR = `{%- set numExp = r/^[0-9]+$/g -%}
+{%- set qqMailExp = r/^[0-9]+@qq.com$/ig -%}
+{%- if numExp.test(nick) -%}
+  https://q1.qlogo.cn/g?b=qq&nk={{nick}}&s=100
+{%- elif qqMailExp.test(mail) -%}
+  https://q1.qlogo.cn/g?b=qq&nk={{mail|replace('@qq.com', '')}}&s=100
+{%- else -%}
+  https://seccdn.libravatar.org/avatar/{{mail|md5}}
+{%- endif -%}`;
+
+module.exports = class extends think.Service {
+  async stringify(comment) {
+    const fn = think.config('avatarUrl');
+
+    if (think.isFunction(fn)) {
+      const ret = await fn(comment);
+
+      if (think.isString(ret) && ret) {
+        return ret;
+      }
+    }
+
+    const gravatarStr = GRAVATAR_STR || DEFAULT_GRAVATAR_STR;
+
+    return env.renderString(gravatarStr, comment);
+  }
+};

package/dist/src/service/markdown/highlight.js

@@ -0,0 +1,32 @@
+const prism = require('prismjs');
+const rawLoadLanguages = require('prismjs/components/index');
+
+// prevent warning messages
+rawLoadLanguages.silent = true;
+
+const loadLanguages = (languages = []) => {
+  const langsToLoad = languages.filter((item) => !prism.languages[item]);
+
+  if (langsToLoad.length) {
+    rawLoadLanguages(langsToLoad);
+  }
+};
+
+/**
+ * Resolve syntax highlighter for corresponding language
+ */
+const resolveHighlighter = (language) => {
+  // try to load languages
+  loadLanguages([language]);
+
+  // return null if current language could not be loaded
+  if (!prism.languages[language]) {
+    return null;
+  }
+
+  return (code) => prism.highlight(code, prism.languages[language], language);
+};
+
+module.exports = {
+  resolveHighlighter,
+};

package/dist/src/service/markdown/index.js

@@ -0,0 +1,63 @@
+const MarkdownIt = require('markdown-it');
+const emojiPlugin = require('markdown-it-emoji');
+const subPlugin = require('markdown-it-sub');
+const supPlugin = require('markdown-it-sup');
+const { katexPlugin } = require('./katex');
+const { mathjaxPlugin } = require('./mathjax');
+const { resolveHighlighter } = require('./highlight');
+const { sanitize } = require('./xss');
+
+const getMarkdownParser = () => {
+  const { markdown = {} } = think.config();
+  const { config = {}, plugin = {} } = markdown;
+
+  // markdown-it instance
+  const markdownIt = MarkdownIt({
+    breaks: true,
+    linkify: true, // Auto convert URL-like text to links
+    typographer: true, // Enable some language-neutral replacement + quotes beautification
+
+    // default highlight
+    highlight: (code, lang) => {
+      const highlighter = resolveHighlighter(lang);
+
+      return highlighter ? highlighter(code) : '';
+    },
+
+    ...config,
+
+    // should always enable html option due to parsed emoji
+    html: true,
+  });
+
+  const { emoji, tex, mathjax, katex, sub, sup } = plugin;
+
+  // parse emoji
+  if (emoji !== false) {
+    markdownIt.use(emojiPlugin, typeof emoji === 'object' ? emoji : {});
+  }
+
+  // parse sub
+  if (sub !== false) {
+    markdownIt.use(subPlugin);
+  }
+
+  // parse sup
+  if (sup !== false) {
+    markdownIt.use(supPlugin);
+  }
+
+  // parse tex
+  if (tex === 'katex') {
+    markdownIt.use(katexPlugin, {
+      ...katex,
+      output: 'mathml',
+    });
+  } else if (tex !== false) {
+    markdownIt.use(mathjaxPlugin, mathjax);
+  }
+
+  return (content) => sanitize(markdownIt.render(content));
+};
+
+module.exports = { getMarkdownParser };

package/dist/src/service/markdown/katex.js

@@ -0,0 +1,49 @@
+const katex = require('katex');
+const { escapeHtml } = require('./utils');
+const { inlineTex, blockTex } = require('./mathCommon');
+
+// set KaTeX as the renderer for markdown-it-simplemath
+const katexInline = (tex, options) => {
+  options.displayMode = false;
+  try {
+    return katex.renderToString(tex, options);
+  } catch (error) {
+    if (options.throwOnError) console.warn(error);
+
+    return `<span class='katex-error' title='${escapeHtml(
+      error.toString()
+    )}'>${escapeHtml(tex)}</span>`;
+  }
+};
+
+const katexBlock = (tex, options) => {
+  options.displayMode = true;
+  try {
+    return `<p class='katex-block'>${katex.renderToString(tex, options)}</p>`;
+  } catch (error) {
+    if (options.throwOnError) console.warn(error);
+
+    return `<p class='katex-block katex-error' title='${escapeHtml(
+      error.toString()
+    )}'>${escapeHtml(tex)}</p>`;
+  }
+};
+
+const katexPlugin = (md, options = { throwOnError: false }) => {
+  md.inline.ruler.after('escape', 'inlineTex', inlineTex);
+
+  // It’s a workaround here because types issue
+  md.block.ruler.after('blockquote', 'blockTex', blockTex, {
+    alt: ['paragraph', 'reference', 'blockquote', 'list'],
+  });
+
+  md.renderer.rules.inlineTex = (tokens, idx) =>
+    katexInline(tokens[idx].content, options);
+
+  md.renderer.rules.blockTex = (tokens, idx) =>
+    `${katexBlock(tokens[idx].content, options)}\n`;
+};
+
+module.exports = {
+  katexPlugin,
+};

package/dist/src/service/markdown/mathCommon.js

@@ -0,0 +1,156 @@
+/*
+ * Test if potential opening or closing delimiter
+ * Assumes that there is a "$" at state.src[pos]
+ */
+const isValidDelim = (state, pos) => {
+  const prevChar = pos > 0 ? state.src.charAt(pos - 1) : '';
+  const nextChar = pos + 1 <= state.posMax ? state.src.charAt(pos + 1) : '';
+
+  return {
+    canOpen: nextChar !== ' ' && nextChar !== '\t',
+    /*
+     * Check non-whitespace conditions for opening and closing, and
+     * check that closing delimiter isn’t followed by a number
+     */
+    canClose: !(
+      prevChar === ' ' ||
+      prevChar === '\t' ||
+      /[0-9]/u.exec(nextChar)
+    ),
+  };
+};
+
+const inlineTex = (state, silent) => {
+  let match;
+  let pos;
+  let res;
+  let token;
+
+  if (state.src[state.pos] !== '$') return false;
+  res = isValidDelim(state, state.pos);
+
+  if (!res.canOpen) {
+    if (!silent) state.pending += '$';
+    state.pos += 1;
+
+    return true;
+  }
+  /*
+   * First check for and bypass all properly escaped delimiters
+   * This loop will assume that the first leading backtick can not
+   * be the first character in state.src, which is known since
+   * we have found an opening delimiter already.
+   */
+  const start = state.pos + 1;
+
+  match = start;
+  while ((match = state.src.indexOf('$', match)) !== -1) {
+    /*
+     * Found potential $, look for escapes, pos will point to
+     * first non escape when complete
+     */
+    pos = match - 1;
+    while (state.src[pos] === '\\') pos -= 1;
+    // Even number of escapes, potential closing delimiter found
+    if ((match - pos) % 2 === 1) break;
+    match += 1;
+  }
+
+  // No closing delimiter found.  Consume $ and continue.
+  if (match === -1) {
+    if (!silent) state.pending += '$';
+    state.pos = start;
+
+    return true;
+  }
+
+  // Check if we have empty content, ie: $$.  Do not parse.
+  if (match - start === 0) {
+    if (!silent) state.pending += '$$';
+    state.pos = start + 1;
+
+    return true;
+  }
+
+  // Check for valid closing delimiter
+  res = isValidDelim(state, match);
+
+  if (!res.canClose) {
+    if (!silent) state.pending += '$';
+    state.pos = start;
+
+    return true;
+  }
+
+  if (!silent) {
+    token = state.push('inlineTex', 'math', 0);
+    token.markup = '$';
+    token.content = state.src.slice(start, match);
+  }
+
+  state.pos = match + 1;
+
+  return true;
+};
+
+const blockTex = (state, start, end, silent) => {
+  let firstLine;
+  let lastLine;
+  let next;
+  let lastPos;
+  let found = false;
+  let pos = state.bMarks[start] + state.tShift[start];
+  let max = state.eMarks[start];
+
+  if (pos + 2 > max) return false;
+  if (state.src.slice(pos, pos + 2) !== '$$') return false;
+  pos += 2;
+
+  firstLine = state.src.slice(pos, max);
+
+  if (silent) return true;
+
+  if (firstLine.trim().endsWith('$$')) {
+    // Single line expression
+    firstLine = firstLine.trim().slice(0, -2);
+    found = true;
+  }
+
+  for (next = start; !found; ) {
+    next += 1;
+    if (next >= end) break;
+    pos = state.bMarks[next] + state.tShift[next];
+    max = state.eMarks[next];
+    if (pos < max && state.tShift[next] < state.blkIndent)
+      // non-empty line with negative indent should stop the list:
+      break;
+    if (state.src.slice(pos, max).trim().endsWith('$$')) {
+      lastPos = state.src.slice(0, max).lastIndexOf('$$');
+      lastLine = state.src.slice(pos, lastPos);
+      found = true;
+    }
+  }
+
+  state.line = next + 1;
+
+  const token = state.push('blockTex', 'math', 0);
+
+  token.block = true;
+  token.content =
+    ((firstLine === null || firstLine === void 0 ? void 0 : firstLine.trim())
+      ? `${firstLine}\n`
+      : '') +
+    state.getLines(start + 1, next, state.tShift[start], true) +
+    ((lastLine === null || lastLine === void 0 ? void 0 : lastLine.trim())
+      ? lastLine
+      : '');
+  token.map = [start, state.line];
+  token.markup = '$$';
+
+  return true;
+};
+
+module.exports = {
+  inlineTex,
+  blockTex,
+};

package/dist/src/service/markdown/mathjax.js

@@ -0,0 +1,78 @@
+const { mathjax } = require('mathjax-full/js/mathjax');
+const { TeX } = require('mathjax-full/js/input/tex.js');
+const { SVG } = require('mathjax-full/js/output/svg.js');
+const { liteAdaptor } = require('mathjax-full/js/adaptors/liteAdaptor.js');
+const { RegisterHTMLHandler } = require('mathjax-full/js/handlers/html.js');
+const { AllPackages } = require('mathjax-full/js/input/tex/AllPackages.js');
+
+const { escapeHtml } = require('./utils');
+const { inlineTex, blockTex } = require('./mathCommon');
+
+// set MathJax as the renderer
+class MathToSvg {
+  constructor() {
+    const adaptor = liteAdaptor();
+
+    RegisterHTMLHandler(adaptor);
+
+    const packages = AllPackages.sort();
+    const tex = new TeX({ packages });
+    const svg = new SVG({ fontCache: 'none' });
+
+    this.adaptor = adaptor;
+    this.texToNode = mathjax.document('', { InputJax: tex, OutputJax: svg });
+
+    this.inline = function (tex) {
+      const node = this.texToNode.convert(tex, { display: false });
+      let svg = this.adaptor.innerHTML(node);
+
+      if (svg.includes('data-mml-node="merror"')) {
+        const errorTitle = svg.match(/<title>(.*?)<\/title>/)[1];
+
+        svg = `<span class='mathjax-error' title='${escapeHtml(
+          errorTitle
+        )}'>${escapeHtml(tex)}</span>`;
+      }
+
+      return svg;
+    };
+
+    this.block = function (tex) {
+      const node = this.texToNode.convert(tex, { display: true });
+      let svg = this.adaptor.innerHTML(node);
+
+      if (svg.includes('data-mml-node="merror"')) {
+        const errorTitle = svg.match(/<title>(.*?)<\/title>/)[1];
+
+        svg = `<p class='mathjax-block mathjax-error' title='${escapeHtml(
+          errorTitle
+        )}'>${escapeHtml(tex)}</p>`;
+      } else {
+        svg = svg.replace(/(width=".*?")/, 'width="100%"');
+      }
+
+      return svg;
+    };
+  }
+}
+
+const mathjaxPlugin = (md) => {
+  const mathToSvg = new MathToSvg();
+
+  md.inline.ruler.after('escape', 'inlineTex', inlineTex);
+
+  // It’s a workaround here because types issue
+  md.block.ruler.after('blockquote', 'blockTex', blockTex, {
+    alt: ['paragraph', 'reference', 'blockquote', 'list'],
+  });
+
+  md.renderer.rules.inlineTex = (tokens, idx) =>
+    mathToSvg.inline(tokens[idx].content);
+
+  md.renderer.rules.blockTex = (tokens, idx) =>
+    `${mathToSvg.block(tokens[idx].content)}\n`;
+};
+
+module.exports = {
+  mathjaxPlugin,
+};

package/dist/src/service/markdown/utils.js

@@ -0,0 +1,11 @@
+const escapeHtml = (unsafeHTML) =>
+  unsafeHTML
+    .replace(/&/gu, '&')
+    .replace(/</gu, '&lt;')
+    .replace(/>/gu, '&gt;')
+    .replace(/"/gu, '&quot;')
+    .replace(/'/gu, '&#039;');
+
+module.exports = {
+  escapeHtml,
+};

package/dist/src/service/markdown/xss.js

@@ -0,0 +1,44 @@
+const createDOMPurify = require('dompurify');
+const { JSDOM } = require('jsdom');
+
+const DOMPurify = createDOMPurify(new JSDOM('').window);
+
+/**
+ * Add a hook to make all links open a new window
+ * and force their rel to be 'noreferrer noopener'
+ */
+DOMPurify.addHook('afterSanitizeAttributes', function (node) {
+  // set all elements owning target to target=_blank
+  if ('target' in node && node.href && !node.href.startsWith('about:blank#')) {
+    node.setAttribute('target', '_blank');
+    node.setAttribute('rel', 'noreferrer noopener');
+  }
+
+  // set non-HTML/MathML links to xlink:show=new
+  if (
+    !node.hasAttribute('target') &&
+    (node.hasAttribute('xlink:href') || node.hasAttribute('href'))
+  ) {
+    node.setAttribute('xlink:show', 'new');
+  }
+
+  if ('preload' in node) {
+    node.setAttribute('preload', 'none');
+  }
+});
+
+const sanitize = (content) =>
+  DOMPurify.sanitize(
+    content,
+    Object.assign(
+      {
+        FORBID_TAGS: ['form', 'input', 'style'],
+        FORBID_ATTR: ['autoplay', 'style'],
+      },
+      think.config('domPurify') || {}
+    )
+  );
+
+module.exports = {
+  sanitize,
+};