@waline/vercel 1.28.2 → 1.30.0

package/dist/src/controller/article.js

@@ -3,10 +3,7 @@ const BaseRest = require('./rest');
 module.exports = class extends BaseRest {
   constructor(ctx) {
     super(ctx);
-    this.modelInstance = this.service(
-      `storage/${this.config('storage')}`,
-      'Counter'
-    );
+    this.modelInstance = this.getModel('Counter');
   }
 
   async getAction() {

package/dist/src/controller/comment.js

@@ -68,10 +68,7 @@ async function formatCmt(
 module.exports = class extends BaseRest {
   constructor(ctx) {
     super(ctx);
-    this.modelInstance = this.service(
-      `storage/${this.config('storage')}`,
-      'Comment'
-    );
+    this.modelInstance = this.getModel('Comment');
   }
 
   async getAction() {
@@ -114,10 +111,7 @@ module.exports = class extends BaseRest {
           ],
         });
 
-        const userModel = this.service(
-          `storage/${this.config('storage')}`,
-          'Users'
-        );
+        const userModel = this.getModel('Users');
         const user_ids = Array.from(
           new Set(comments.map(({ user_id }) => user_id).filter((v) => v))
         );
@@ -212,10 +206,7 @@ module.exports = class extends BaseRest {
           offset: Math.max((page - 1) * pageSize, 0),
         });
 
-        const userModel = this.service(
-          `storage/${this.config('storage')}`,
-          'Users'
-        );
+        const userModel = this.getModel('Users');
         const user_ids = Array.from(
           new Set(comments.map(({ user_id }) => user_id).filter((v) => v))
         );
@@ -355,10 +346,7 @@ module.exports = class extends BaseRest {
           });
         }
 
-        const userModel = this.service(
-          `storage/${this.config('storage')}`,
-          'Users'
-        );
+        const userModel = this.getModel('Users');
         const user_ids = Array.from(
           new Set(comments.map(({ user_id }) => user_id).filter((v) => v))
         );
@@ -592,10 +580,7 @@ module.exports = class extends BaseRest {
       parentComment = await this.modelInstance.select({ objectId: pid });
       parentComment = parentComment[0];
       if (parentComment.user_id) {
-        parentUser = await this.service(
-          `storage/${this.config('storage')}`,
-          'Users'
-        ).select({
+        parentUser = await this.getModel('Users').select({
           objectId: parentComment.user_id,
         });
         parentUser = parentUser[0];
@@ -677,10 +662,7 @@ module.exports = class extends BaseRest {
     let cmtUser;
 
     if (!think.isEmpty(newData) && newData[0].user_id) {
-      cmtUser = await this.service(
-        `storage/${this.config('storage')}`,
-        'Users'
-      ).select({
+      cmtUser = await this.getModel('Users').select({
         objectId: newData[0].user_id,
       });
       cmtUser = cmtUser[0];
@@ -706,10 +688,7 @@ module.exports = class extends BaseRest {
       let pUser;
 
       if (pComment.user_id) {
-        pUser = await this.service(
-          `storage/${this.config('storage')}`,
-          'Users'
-        ).select({
+        pUser = await this.getModel('Users').select({
           objectId: pComment.user_id,
         });
         pUser = pUser[0];

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@waline/vercel",
-  "version": "1.28.2",
+  "version": "1.30.0",
   "description": "vercel server for waline comment system",
   "keywords": [
     "waline",
@@ -15,40 +15,40 @@
   "license": "MIT",
   "author": "lizheming <i@imnerd.org>",
   "dependencies": {
-    "@cloudbase/node-sdk": "2.9.1",
-    "@koa/cors": "4.0.0",
-    "akismet": "2.0.7",
-    "deta": "1.1.0",
-    "dompurify": "3.0.1",
-    "dy-node-ip2region": "1.0.1",
-    "fast-csv": "4.3.6",
-    "form-data": "4.0.0",
-    "jsdom": "21.1.1",
-    "jsonwebtoken": "9.0.0",
-    "katex": "0.16.4",
-    "leancloud-storage": "4.14.0",
-    "markdown-it": "13.0.1",
-    "markdown-it-emoji": "2.0.2",
-    "markdown-it-sub": "1.0.0",
-    "markdown-it-sup": "1.0.0",
-    "mathjax-full": "3.2.2",
-    "node-fetch": "2.6.9",
-    "nodemailer": "6.9.1",
-    "nunjucks": "3.2.3",
-    "phpass": "0.1.1",
-    "prismjs": "1.29.0",
-    "speakeasy": "2.0.0",
-    "think-helper": "1.1.4",
-    "think-logger3": "1.3.1",
-    "think-model": "1.5.4",
-    "think-model-mysql": "1.1.7",
+    "@cloudbase/node-sdk": "^2.9.1",
+    "@koa/cors": "^4.0.0",
+    "akismet": "^2.0.7",
+    "deta": "^1.1.0",
+    "dompurify": "^3.0.1",
+    "dy-node-ip2region": "^1.0.1",
+    "fast-csv": "^4.3.6",
+    "form-data": "^4.0.0",
+    "jsdom": "^21.1.1",
+    "jsonwebtoken": "^9.0.0",
+    "katex": "^0.16.4",
+    "leancloud-storage": "^4.14.0",
+    "markdown-it": "^13.0.1",
+    "markdown-it-emoji": "^2.0.2",
+    "markdown-it-sub": "^1.0.0",
+    "markdown-it-sup": "^1.0.0",
+    "mathjax-full": "^3.2.2",
+    "node-fetch": "^2.6.9",
+    "nodemailer": "^6.9.1",
+    "nunjucks": "^3.2.3",
+    "phpass": "^0.1.1",
+    "prismjs": "^1.29.0",
+    "speakeasy": "^2.0.0",
+    "think-helper": "^1.1.4",
+    "think-logger3": "^1.3.1",
+    "think-model": "^1.5.4",
+    "think-model-mysql": "^1.1.7",
     "think-model-mysql2": "^2.0.0",
     "think-model-postgresql": "1.1.7",
-    "think-model-sqlite": "1.3.1",
-    "think-mongo": "2.2.1",
-    "think-router-rest": "1.0.5",
-    "thinkjs": "3.2.14",
-    "ua-parser-js": "1.0.34"
+    "think-model-sqlite": "^1.3.1",
+    "think-mongo": "^2.2.1",
+    "think-router-rest": "^1.0.5",
+    "thinkjs": "^3.2.14",
+    "ua-parser-js": "^1.0.35"
   },
   "engines": {
     "node": ">=14"

package/src/controller/article.js

@@ -3,10 +3,7 @@ const BaseRest = require('./rest');
 module.exports = class extends BaseRest {
   constructor(ctx) {
     super(ctx);
-    this.modelInstance = this.service(
-      `storage/${this.config('storage')}`,
-      'Counter'
-    );
+    this.modelInstance = this.getModel('Counter');
   }
 
   async getAction() {
@@ -27,7 +24,9 @@ module.exports = class extends BaseRest {
         return o;
       }, {});
 
-      return this.jsonOrSuccess((type.length === 1 && deprecated) ? data[type[0]] : data);
+      return this.jsonOrSuccess(
+        type.length === 1 && deprecated ? data[type[0]] : data
+      );
     }
 
     const respObj = resp.reduce((o, n) => {

package/src/controller/comment.js

@@ -61,7 +61,7 @@ async function formatCmt(
   if (typeof comment.sticky === 'string') {
     comment.sticky = Boolean(Number(comment.sticky));
   }
-  
+
   comment.time = new Date(comment.insertedAt).getTime();
   if (!deprecated) {
     delete comment.insertedAt;
@@ -75,10 +75,7 @@ async function formatCmt(
 module.exports = class extends BaseRest {
   constructor(ctx) {
     super(ctx);
-    this.modelInstance = this.service(
-      `storage/${this.config('storage')}`,
-      'Comment'
-    );
+    this.modelInstance = this.getModel('Comment');
   }
 
   async getAction() {
@@ -121,10 +118,7 @@ module.exports = class extends BaseRest {
           ],
         });
 
-        const userModel = this.service(
-          `storage/${this.config('storage')}`,
-          'Users'
-        );
+        const userModel = this.getModel('Users');
         const user_ids = Array.from(
           new Set(comments.map(({ user_id }) => user_id).filter((v) => v))
         );
@@ -150,7 +144,12 @@ module.exports = class extends BaseRest {
         return this.jsonOrSuccess(
           await Promise.all(
             comments.map((cmt) =>
-              formatCmt(cmt, users, { ...this.config(), deprecated: this.ctx.state.deprecated }, userInfo)
+              formatCmt(
+                cmt,
+                users,
+                { ...this.config(), deprecated: this.ctx.state.deprecated },
+                userInfo
+              )
             )
           )
         );
@@ -222,10 +221,7 @@ module.exports = class extends BaseRest {
           offset: Math.max((page - 1) * pageSize, 0),
         });
 
-        const userModel = this.service(
-          `storage/${this.config('storage')}`,
-          'Users'
-        );
+        const userModel = this.getModel('Users');
         const user_ids = Array.from(
           new Set(comments.map(({ user_id }) => user_id).filter((v) => v))
         );
@@ -256,7 +252,12 @@ module.exports = class extends BaseRest {
           waitingCount,
           data: await Promise.all(
             comments.map((cmt) =>
-              formatCmt(cmt, users, { ...this.config(), deprecated: this.ctx.state.deprecated }, userInfo)
+              formatCmt(
+                cmt,
+                users,
+                { ...this.config(), deprecated: this.ctx.state.deprecated },
+                userInfo
+              )
             )
           ),
         });
@@ -363,10 +364,7 @@ module.exports = class extends BaseRest {
           comments = [...rootComments, ...children];
         }
 
-        const userModel = this.service(
-          `storage/${this.config('storage')}`,
-          'Users'
-        );
+        const userModel = this.getModel('Users');
         const user_ids = Array.from(
           new Set(comments.map(({ user_id }) => user_id).filter((v) => v))
         );
@@ -449,7 +447,7 @@ module.exports = class extends BaseRest {
                 comment,
                 users,
                 { ...this.config(), deprecated: this.ctx.state.deprecated },
-                userInfo,
+                userInfo
               );
 
               cmt.children = await Promise.all(
@@ -610,10 +608,7 @@ module.exports = class extends BaseRest {
       parentComment = await this.modelInstance.select({ objectId: pid });
       parentComment = parentComment[0];
       if (parentComment.user_id) {
-        parentUser = await this.service(
-          `storage/${this.config('storage')}`,
-          'Users'
-        ).select({
+        parentUser = await this.getModel('Users').select({
           objectId: parentComment.user_id,
         });
         parentUser = parentUser[0];
@@ -656,7 +651,12 @@ module.exports = class extends BaseRest {
     think.logger.debug(`Comment post hooks postSave done!`);
 
     return this.success(
-      await formatCmt(resp, [userInfo], { ...this.config(), deprecated: this.ctx.state.deprecated }, userInfo)
+      await formatCmt(
+        resp,
+        [userInfo],
+        { ...this.config(), deprecated: this.ctx.state.deprecated },
+        userInfo
+      )
     );
   }
 
@@ -695,10 +695,7 @@ module.exports = class extends BaseRest {
     let cmtUser;
 
     if (!think.isEmpty(newData) && newData[0].user_id) {
-      cmtUser = await this.service(
-        `storage/${this.config('storage')}`,
-        'Users'
-      ).select({
+      cmtUser = await this.getModel('Users').select({
         objectId: newData[0].user_id,
       });
       cmtUser = cmtUser[0];
@@ -724,10 +721,7 @@ module.exports = class extends BaseRest {
       let pUser;
 
       if (pComment.user_id) {
-        pUser = await this.service(
-          `storage/${this.config('storage')}`,
-          'Users'
-        ).select({
+        pUser = await this.getModel('Users').select({
           objectId: pComment.user_id,
         });
         pUser = pUser[0];

package/src/controller/db.js

@@ -16,8 +16,7 @@ module.exports = class extends BaseRest {
 
     for (let i = 0; i < exportData.tables.length; i++) {
       const tableName = exportData.tables[i];
-      const storage = this.config('storage');
-      const model = this.service(`storage/${storage}`, tableName);
+      const model = this.getModel(tableName);
 
       const data = await model.select({});
 
@@ -31,7 +30,7 @@ module.exports = class extends BaseRest {
     const { table } = this.get();
     const item = this.post();
     const storage = this.config('storage');
-    const model = this.service(`storage/${storage}`, table);
+    const model = this.getModel(table);
 
     if (storage === 'leancloud' || storage === 'mysql') {
       item.insertedAt && (item.insertedAt = new Date(item.insertedAt));
@@ -48,8 +47,7 @@ module.exports = class extends BaseRest {
   async putAction() {
     const { table, objectId } = this.get();
     const data = this.post();
-    const storage = this.config('storage');
-    const model = this.service(`storage/${storage}`, table);
+    const model = this.getModel(table);
 
     delete data.objectId;
     delete data.createdAt;
@@ -61,8 +59,7 @@ module.exports = class extends BaseRest {
 
   async deleteAction() {
     const { table } = this.get();
-    const storage = this.config('storage');
-    const model = this.service(`storage/${storage}`, table);
+    const model = this.getModel(table);
 
     await model.delete({});
 

package/src/controller/index.js

@@ -28,6 +28,7 @@ module.exports = class extends think.Controller {
           lang: params.get('lng'),
           serverURL: location.protocol + '//' + location.host + location.pathname.replace(/\\/+$/, ''),
           recaptchaV3Key: '${process.env.RECAPTCHA_V3_KEY || ''}',
+          turnstileKey: '${process.env.TURNSTILE_KEY || ''}',
         });
       </script>
     </body>

package/src/controller/oauth.js

@@ -1,14 +1,10 @@
 const jwt = require('jsonwebtoken');
 const fetch = require('node-fetch');
-const { PasswordHash } = require('phpass');
 
 module.exports = class extends think.Controller {
   constructor(ctx) {
     super(ctx);
-    this.modelInstance = this.service(
-      `storage/${this.config('storage')}`,
-      'Users'
-    );
+    this.modelInstance = this.getModel('Users');
   }
 
   async indexAction() {
@@ -109,7 +105,7 @@ module.exports = class extends think.Controller {
         url: user.url,
         avatar: user.avatar,
         [type]: user.id,
-        password: new PasswordHash().hashPassword(Math.random()),
+        password: this.hashPassword(Math.random()),
         type: think.isEmpty(count) ? 'administrator' : 'guest',
       };
 

package/src/controller/token/2fa.js

@@ -8,10 +8,7 @@ module.exports = class extends BaseRest {
     const { email } = this.get();
 
     if (think.isEmpty(userInfo) && email) {
-      const userModel = this.service(
-        `storage/${this.config('storage')}`,
-        'Users'
-      );
+      const userModel = this.getModel('Users');
 
       const user = await userModel.select(
         { email },
@@ -54,10 +51,7 @@ module.exports = class extends BaseRest {
       return this.fail(this.locale('TWO_FACTOR_AUTH_ERROR_DETAIL'));
     }
 
-    const userModel = this.service(
-      `storage/${this.config('storage')}`,
-      'Users'
-    );
+    const userModel = this.getModel('Users');
     const { objectId } = this.ctx.state.userInfo;
 
     await userModel.update({ ['2fa']: data.secret }, { objectId });

package/src/controller/token.js

@@ -1,5 +1,4 @@
 const jwt = require('jsonwebtoken');
-const { PasswordHash } = require('phpass');
 const speakeasy = require('speakeasy');
 const helper = require('think-helper');
 
@@ -8,10 +7,7 @@ const BaseRest = require('./rest');
 module.exports = class extends BaseRest {
   constructor(...args) {
     super(...args);
-    this.modelInstance = this.service(
-      `storage/${this.config('storage')}`,
-      'Users'
-    );
+    this.modelInstance = this.getModel('Users');
   }
 
   getAction() {
@@ -26,10 +22,7 @@ module.exports = class extends BaseRest {
       return this.fail();
     }
 
-    const checkPassword = new PasswordHash().checkPassword(
-      password,
-      user[0].password
-    );
+    const checkPassword = this.checkPassword(password, user[0].password);
 
     if (!checkPassword) {
       return this.fail();

package/src/controller/user/password.js

@@ -19,10 +19,7 @@ module.exports = class extends BaseRest {
     }
 
     const { email } = this.post();
-    const userModel = this.service(
-      `storage/${this.config('storage')}`,
-      'Users'
-    );
+    const userModel = this.getModel('Users');
     const user = await userModel.select({ email });
 
     if (think.isEmpty(user)) {

package/src/controller/user.js

@@ -1,14 +1,9 @@
-const { PasswordHash } = require('phpass');
-
 const BaseRest = require('./rest');
 
 module.exports = class extends BaseRest {
   constructor(...args) {
     super(...args);
-    this.modelInstance = this.service(
-      `storage/${this.config('storage')}`,
-      'Users'
-    );
+    this.modelInstance = this.getModel('Users');
   }
 
   async getAction() {
@@ -81,7 +76,7 @@ module.exports = class extends BaseRest {
       ? `verify:${token}:${Date.now() + 1 * 60 * 60 * 1000}`
       : 'guest';
 
-    data.password = new PasswordHash().hashPassword(data.password);
+    data.password = this.hashPassword(data.password);
     data.type = think.isEmpty(count) ? 'administrator' : normalType;
 
     if (think.isEmpty(resp)) {
@@ -157,7 +152,7 @@ module.exports = class extends BaseRest {
     }
 
     if (password) {
-      updateData.password = new PasswordHash().hashPassword(password);
+      updateData.password = this.hashPassword(password);
     }
 
     if (think.isString(twoFactorAuth)) {
@@ -187,10 +182,7 @@ module.exports = class extends BaseRest {
 
   async getUsersListByCount() {
     const { pageSize } = this.get();
-    const commentModel = this.service(
-      `storage/${this.config('storage')}`,
-      'Comment'
-    );
+    const commentModel = this.getModel('Comment');
     const counts = await commentModel.count(
       {
         status: ['NOT IN', ['waiting', 'spam']],

package/src/controller/verification.js

@@ -3,10 +3,7 @@ const BaseRest = require('./rest');
 module.exports = class extends BaseRest {
   constructor(...args) {
     super(...args);
-    this.modelInstance = this.service(
-      `storage/${this.config('storage')}`,
-      'Users'
-    );
+    this.modelInstance = this.getModel('Users');
   }
 
   async getAction() {

package/src/extend/controller.js

@@ -1,4 +1,5 @@
 const nunjucks = require('nunjucks');
+const { PasswordHash } = require('phpass');
 
 const locales = require('../locales');
 
@@ -26,4 +27,29 @@ module.exports = {
 
     return nunjucks.renderString(message, variables);
   },
+  getModel(modelName) {
+    const { storage, model } = this.config('storage');
+
+    if (typeof model === 'function') {
+      const modelInstance = model(modelName, this);
+
+      if (modelInstance) {
+        return modelInstance;
+      }
+    }
+
+    return this.service(`storage/${storage}`, modelName);
+  },
+  hashPassword(password) {
+    const PwdHash = this.config('encryptPassword') || PasswordHash;
+    const pwdHash = new PwdHash();
+
+    return pwdHash.hashPassword(password);
+  },
+  checkPassword(password, storeHash) {
+    const PwdHash = this.config('encryptPassword') || PasswordHash;
+    const pwdHash = new PwdHash();
+
+    return pwdHash.checkPassword(password, storeHash);
+  },
 };

package/src/logic/base.js

@@ -8,10 +8,7 @@ const helper = require('think-helper');
 module.exports = class extends think.Logic {
   constructor(...args) {
     super(...args);
-    this.modelInstance = this.service(
-      `storage/${this.config('storage')}`,
-      'Users'
-    );
+    this.modelInstance = this.getModel('Users');
     this.resource = this.getResource();
     this.id = this.getId();
   }
@@ -135,30 +132,64 @@ module.exports = class extends think.Logic {
   }
 
   async useCaptchaCheck() {
-    const { RECAPTCHA_V3_SECRET } = process.env;
+    const { RECAPTCHA_V3_SECRET, TURNSTILE_SECRET } = process.env;
+    const { turnstile, recaptchaV3 } = this.post();
+
+    if (TURNSTILE_SECRET) {
+      return this.useRecaptchaOrTurnstileCheck({
+        secret: TURNSTILE_SECRET,
+        token: turnstile,
+        api: 'https://challenges.cloudflare.com/turnstile/v0/siteverify',
+        method: 'POST',
+      });
+    }
 
-    if (!RECAPTCHA_V3_SECRET) {
+    if (RECAPTCHA_V3_SECRET) {
+      return this.useRecaptchaOrTurnstileCheck({
+        secret: RECAPTCHA_V3_SECRET,
+        token: recaptchaV3,
+        api: 'https://recaptcha.net/recaptcha/api/siteverify',
+        method: 'GET',
+      });
+    }
+  }
+
+  async useRecaptchaOrTurnstileCheck({ secret, token, api, method }) {
+    if (!secret) {
       return;
     }
-    const { recaptchaV3 } = this.post();
 
-    if (!recaptchaV3) {
+    if (!token) {
       return this.ctx.throw(403);
     }
 
     const query = qs.stringify({
-      secret: RECAPTCHA_V3_SECRET,
-      response: recaptchaV3,
+      secret,
+      response: token,
       remoteip: this.ctx.ip,
     });
-    const recaptchaV3Result = await fetch(
-      `https://recaptcha.net/recaptcha/api/siteverify?${query}`
-    ).then((resp) => resp.json());
 
-    if (!recaptchaV3Result.success) {
+    const requestUrl = method === 'GET' ? api + '?' + query : api;
+    const options =
+      method === 'GET'
+        ? {}
+        : {
+            method,
+            headers: {
+              'content-type':
+                'application/x-www-form-urlencoded; charset=UTF-8',
+            },
+            body: query,
+          };
+
+    const response = await fetch(requestUrl, options).then((resp) =>
+      resp.json()
+    );
+
+    if (!response.success) {
       think.logger.debug(
-        'RecaptchaV3 Result:',
-        JSON.stringify(recaptchaV3Result, null, '\t')
+        'RecaptchaV3 or Turnstile Result:',
+        JSON.stringify(response, null, '\t')
       );
 
       return this.ctx.throw(403);

package/src/logic/comment.js

@@ -262,10 +262,7 @@ module.exports = class extends Base {
     }
 
     // 3. comment author modify comment content
-    const modelInstance = this.service(
-      `storage/${this.config('storage')}`,
-      'Comment'
-    );
+    const modelInstance = this.getModel('Comment');
     const commentData = await modelInstance.select({
       user_id: userInfo.objectId,
       objectId: this.id,
@@ -299,10 +296,7 @@ module.exports = class extends Base {
       return;
     }
 
-    const modelInstance = this.service(
-      `storage/${this.config('storage')}`,
-      'Comment'
-    );
+    const modelInstance = this.getModel('Comment');
     const commentData = await modelInstance.select({
       user_id: userInfo.objectId,
       objectId: this.id,

package/src/middleware/dashboard.js

@@ -13,6 +13,7 @@ module.exports = function () {
     window.SITE_URL = ${JSON.stringify(process.env.SITE_URL)};
     window.SITE_NAME = ${JSON.stringify(process.env.SITE_NAME)};
     window.recaptchaV3Key = ${JSON.stringify(process.env.RECAPTCHA_V3_KEY)};
+    window.turnstileKey = ${JSON.stringify(process.env.TURNSTILE_KEY)};
     window.serverURL = '${ctx.serverURL}/api/';
     </script>
     <script src="${