@waline/vercel 1.28.2 → 1.29.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@waline/vercel",
-  "version": "1.28.2",
+  "version": "1.29.0",
   "description": "vercel server for waline comment system",
   "keywords": [
     "waline",
@@ -15,40 +15,40 @@
   "license": "MIT",
   "author": "lizheming <i@imnerd.org>",
   "dependencies": {
-    "@cloudbase/node-sdk": "2.9.1",
-    "@koa/cors": "4.0.0",
-    "akismet": "2.0.7",
-    "deta": "1.1.0",
-    "dompurify": "3.0.1",
-    "dy-node-ip2region": "1.0.1",
-    "fast-csv": "4.3.6",
-    "form-data": "4.0.0",
-    "jsdom": "21.1.1",
-    "jsonwebtoken": "9.0.0",
-    "katex": "0.16.4",
-    "leancloud-storage": "4.14.0",
-    "markdown-it": "13.0.1",
-    "markdown-it-emoji": "2.0.2",
-    "markdown-it-sub": "1.0.0",
-    "markdown-it-sup": "1.0.0",
-    "mathjax-full": "3.2.2",
-    "node-fetch": "2.6.9",
-    "nodemailer": "6.9.1",
-    "nunjucks": "3.2.3",
-    "phpass": "0.1.1",
-    "prismjs": "1.29.0",
-    "speakeasy": "2.0.0",
-    "think-helper": "1.1.4",
-    "think-logger3": "1.3.1",
-    "think-model": "1.5.4",
-    "think-model-mysql": "1.1.7",
+    "@cloudbase/node-sdk": "^2.9.1",
+    "@koa/cors": "^4.0.0",
+    "akismet": "^2.0.7",
+    "deta": "^1.1.0",
+    "dompurify": "^3.0.1",
+    "dy-node-ip2region": "^1.0.1",
+    "fast-csv": "^4.3.6",
+    "form-data": "^4.0.0",
+    "jsdom": "^21.1.1",
+    "jsonwebtoken": "^9.0.0",
+    "katex": "^0.16.4",
+    "leancloud-storage": "^4.14.0",
+    "markdown-it": "^13.0.1",
+    "markdown-it-emoji": "^2.0.2",
+    "markdown-it-sub": "^1.0.0",
+    "markdown-it-sup": "^1.0.0",
+    "mathjax-full": "^3.2.2",
+    "node-fetch": "^2.6.9",
+    "nodemailer": "^6.9.1",
+    "nunjucks": "^3.2.3",
+    "phpass": "^0.1.1",
+    "prismjs": "^1.29.0",
+    "speakeasy": "^2.0.0",
+    "think-helper": "^1.1.4",
+    "think-logger3": "^1.3.1",
+    "think-model": "^1.5.4",
+    "think-model-mysql": "^1.1.7",
     "think-model-mysql2": "^2.0.0",
     "think-model-postgresql": "1.1.7",
-    "think-model-sqlite": "1.3.1",
-    "think-mongo": "2.2.1",
-    "think-router-rest": "1.0.5",
-    "thinkjs": "3.2.14",
-    "ua-parser-js": "1.0.34"
+    "think-model-sqlite": "^1.3.1",
+    "think-mongo": "^2.2.1",
+    "think-router-rest": "^1.0.5",
+    "thinkjs": "^3.2.14",
+    "ua-parser-js": "^1.0.35"
   },
   "engines": {
     "node": ">=14"

package/src/controller/article.js

@@ -27,7 +27,9 @@ module.exports = class extends BaseRest {
         return o;
       }, {});
 
-      return this.jsonOrSuccess((type.length === 1 && deprecated) ? data[type[0]] : data);
+      return this.jsonOrSuccess(
+        type.length === 1 && deprecated ? data[type[0]] : data
+      );
     }
 
     const respObj = resp.reduce((o, n) => {

package/src/controller/comment.js

@@ -61,7 +61,7 @@ async function formatCmt(
   if (typeof comment.sticky === 'string') {
     comment.sticky = Boolean(Number(comment.sticky));
   }
-  
+
   comment.time = new Date(comment.insertedAt).getTime();
   if (!deprecated) {
     delete comment.insertedAt;
@@ -150,7 +150,12 @@ module.exports = class extends BaseRest {
         return this.jsonOrSuccess(
           await Promise.all(
             comments.map((cmt) =>
-              formatCmt(cmt, users, { ...this.config(), deprecated: this.ctx.state.deprecated }, userInfo)
+              formatCmt(
+                cmt,
+                users,
+                { ...this.config(), deprecated: this.ctx.state.deprecated },
+                userInfo
+              )
             )
           )
         );
@@ -256,7 +261,12 @@ module.exports = class extends BaseRest {
           waitingCount,
           data: await Promise.all(
             comments.map((cmt) =>
-              formatCmt(cmt, users, { ...this.config(), deprecated: this.ctx.state.deprecated }, userInfo)
+              formatCmt(
+                cmt,
+                users,
+                { ...this.config(), deprecated: this.ctx.state.deprecated },
+                userInfo
+              )
             )
           ),
         });
@@ -449,7 +459,7 @@ module.exports = class extends BaseRest {
                 comment,
                 users,
                 { ...this.config(), deprecated: this.ctx.state.deprecated },
-                userInfo,
+                userInfo
               );
 
               cmt.children = await Promise.all(
@@ -656,7 +666,12 @@ module.exports = class extends BaseRest {
     think.logger.debug(`Comment post hooks postSave done!`);
 
     return this.success(
-      await formatCmt(resp, [userInfo], { ...this.config(), deprecated: this.ctx.state.deprecated }, userInfo)
+      await formatCmt(
+        resp,
+        [userInfo],
+        { ...this.config(), deprecated: this.ctx.state.deprecated },
+        userInfo
+      )
     );
   }
 

package/src/controller/index.js

@@ -28,6 +28,7 @@ module.exports = class extends think.Controller {
           lang: params.get('lng'),
           serverURL: location.protocol + '//' + location.host + location.pathname.replace(/\\/+$/, ''),
           recaptchaV3Key: '${process.env.RECAPTCHA_V3_KEY || ''}',
+          turnstileKey: '${process.env.TURNSTILE_KEY || ''}',
         });
       </script>
     </body>

package/src/logic/base.js

@@ -135,30 +135,64 @@ module.exports = class extends think.Logic {
   }
 
   async useCaptchaCheck() {
-    const { RECAPTCHA_V3_SECRET } = process.env;
+    const { RECAPTCHA_V3_SECRET, TURNSTILE_SECRET } = process.env;
+    const { turnstile, recaptchaV3 } = this.post();
+
+    if (TURNSTILE_SECRET) {
+      return this.useRecaptchaOrTurnstileCheck({
+        secret: TURNSTILE_SECRET,
+        token: turnstile,
+        api: 'https://challenges.cloudflare.com/turnstile/v0/siteverify',
+        method: 'POST',
+      });
+    }
+
+    if (RECAPTCHA_V3_SECRET) {
+      return this.useRecaptchaOrTurnstileCheck({
+        secret: RECAPTCHA_V3_SECRET,
+        token: recaptchaV3,
+        api: 'https://recaptcha.net/recaptcha/api/siteverify',
+        method: 'GET',
+      });
+    }
+  }
 
-    if (!RECAPTCHA_V3_SECRET) {
+  async useRecaptchaOrTurnstileCheck({ secret, token, api, method }) {
+    if (!secret) {
       return;
     }
-    const { recaptchaV3 } = this.post();
 
-    if (!recaptchaV3) {
+    if (!token) {
       return this.ctx.throw(403);
     }
 
     const query = qs.stringify({
-      secret: RECAPTCHA_V3_SECRET,
-      response: recaptchaV3,
+      secret,
+      response: token,
       remoteip: this.ctx.ip,
     });
-    const recaptchaV3Result = await fetch(
-      `https://recaptcha.net/recaptcha/api/siteverify?${query}`
-    ).then((resp) => resp.json());
 
-    if (!recaptchaV3Result.success) {
+    const requestUrl = method === 'GET' ? api + '?' + query : api;
+    const options =
+      method === 'GET'
+        ? {}
+        : {
+            method,
+            headers: {
+              'content-type':
+                'application/x-www-form-urlencoded; charset=UTF-8',
+            },
+            body: query,
+          };
+
+    const response = await fetch(requestUrl, options).then((resp) =>
+      resp.json()
+    );
+
+    if (!response.success) {
       think.logger.debug(
-        'RecaptchaV3 Result:',
-        JSON.stringify(recaptchaV3Result, null, '\t')
+        'RecaptchaV3 or Turnstile Result:',
+        JSON.stringify(response, null, '\t')
       );
 
       return this.ctx.throw(403);

package/src/middleware/dashboard.js

@@ -13,6 +13,7 @@ module.exports = function () {
     window.SITE_URL = ${JSON.stringify(process.env.SITE_URL)};
     window.SITE_NAME = ${JSON.stringify(process.env.SITE_NAME)};
     window.recaptchaV3Key = ${JSON.stringify(process.env.RECAPTCHA_V3_KEY)};
+    window.turnstileKey = ${JSON.stringify(process.env.TURNSTILE_KEY)};
     window.serverURL = '${ctx.serverURL}/api/';
     </script>
     <script src="${