npm - @waline/vercel - Versions diffs - 1.36.4 → 1.37.0 - Mend

@waline/vercel 1.36.4 → 1.37.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (39) hide show

package/__tests__/xss.spec.js +8 -19
package/development.js +1 -0
package/index.js +4 -3
package/package.json +17 -18
package/src/config/adapter.js +9 -11
package/src/config/config.js +4 -12
package/src/config/extend.js +0 -6
package/src/config/middleware.js +2 -5
package/src/controller/article.js +5 -12
package/src/controller/comment.js +33 -53
package/src/controller/db.js +3 -9
package/src/controller/oauth.js +8 -8
package/src/controller/rest.js +1 -1
package/src/controller/user/password.js +3 -12
package/src/controller/user.js +18 -45
package/src/controller/verification.js +3 -2
package/src/extend/think.js +33 -23
package/src/logic/base.js +31 -47
package/src/logic/comment.js +7 -4
package/src/logic/db.js +1 -1
package/src/logic/token.js +2 -2
package/src/middleware/dashboard.js +1 -0
package/src/middleware/plugin.js +1 -1
package/src/service/akismet.js +10 -3
package/src/service/avatar.js +2 -4
package/src/service/markdown/highlight.js +1 -1
package/src/service/markdown/mathCommon.js +2 -8
package/src/service/markdown/mathjax.js +1 -2
package/src/service/markdown/utils.js +5 -5
package/src/service/markdown/xss.js +5 -10
package/src/service/notify.js +111 -135
package/src/service/storage/base.js +2 -7
package/src/service/storage/cloudbase.js +9 -7
package/src/service/storage/github.js +39 -42
package/src/service/storage/leancloud.js +41 -54
package/src/service/storage/mongodb.js +11 -8
package/src/service/storage/mysql.js +7 -13
package/src/service/storage/postgresql.js +7 -11
package/src/service/storage/deta.js +0 -310

package/src/controller/rest.js CHANGED Viewed

@@ -21,7 +21,7 @@ module.exports = class extends think.Controller {
     const filename = this.__filename || __filename;
     const last = filename.lastIndexOf(path.sep);
-    return filename.substr(last + 1, filename.length - last - 4);
+    return filename.slice(last + 1, filename.length - last - 4);
   }
   getId() {

package/src/controller/user/password.js CHANGED Viewed

@@ -4,14 +4,8 @@ const BaseRest = require('../rest.js');
 module.exports = class extends BaseRest {
   async putAction() {
-    const {
-      SMTP_HOST,
-      SMTP_SERVICE,
-      SENDER_EMAIL,
-      SENDER_NAME,
-      SMTP_USER,
-      SITE_NAME,
-    } = process.env;
+    const { SMTP_HOST, SMTP_SERVICE, SENDER_EMAIL, SENDER_NAME, SMTP_USER, SITE_NAME } =
+      process.env;
     const hasMailService = SMTP_HOST || SMTP_SERVICE;
     if (!hasMailService) {
@@ -31,10 +25,7 @@ module.exports = class extends BaseRest {
     const profileUrl = `${this.ctx.serverURL}/ui/profile?token=${token}`;
     await notify.transporter.sendMail({
-      from:
-        SENDER_EMAIL && SENDER_NAME
-          ? `"${SENDER_NAME}" <${SENDER_EMAIL}>`
-          : SMTP_USER,
+      from: SENDER_EMAIL && SENDER_NAME ? `"${SENDER_NAME}" <${SENDER_EMAIL}>` : SMTP_USER,
       to: user[0].email,
       subject: this.locale('[{{name | safe}}] Reset Password', {
         name: SITE_NAME || 'Waline',

package/src/controller/user.js CHANGED Viewed

@@ -1,6 +1,6 @@
 const BaseRest = require('./rest.js');
-module.exports = class extends BaseRest {
+module.exports = class UserController extends BaseRest {
   constructor(...args) {
     super(...args);
     this.modelInstance = this.getModel('Users');
@@ -50,28 +50,17 @@ module.exports = class extends BaseRest {
       email: data.email,
     });
-    if (
-      !think.isEmpty(resp) &&
-      ['administrator', 'guest'].includes(resp[0].type)
-    ) {
+    if (!think.isEmpty(resp) && ['administrator', 'guest'].includes(resp[0].type)) {
       return this.fail(this.locale('USER_EXIST'));
     }
     const count = await this.modelInstance.count();
-    const {
-      SMTP_HOST,
-      SMTP_SERVICE,
-      SENDER_EMAIL,
-      SENDER_NAME,
-      SMTP_USER,
-      SITE_NAME,
-    } = process.env;
+    const { SMTP_HOST, SMTP_SERVICE, SENDER_EMAIL, SENDER_NAME, SMTP_USER, SITE_NAME } =
+      process.env;
     const hasMailService = SMTP_HOST || SMTP_SERVICE;
-    const token = Array.from({ length: 4 }, () =>
-      Math.round(Math.random() * 9),
-    ).join('');
+    const token = Array.from({ length: 4 }, () => Math.round(Math.random() * 9)).join('');
     const normalType = hasMailService
       ? `verify:${token}:${Date.now() + 1 * 60 * 60 * 1000}`
       : 'guest';
@@ -91,16 +80,13 @@ module.exports = class extends BaseRest {
     try {
       const notify = this.service('notify', this);
-      const apiUrl = think.buildUrl(this.ctx.serverURL + '/verification', {
+      const apiUrl = think.buildUrl(`${this.ctx.serverURL}/verification`, {
         token,
         email: data.email,
       });
       await notify.transporter.sendMail({
-        from:
-          SENDER_EMAIL && SENDER_NAME
-            ? `"${SENDER_NAME}" <${SENDER_EMAIL}>`
-            : SMTP_USER,
+        from: SENDER_EMAIL && SENDER_NAME ? `"${SENDER_NAME}" <${SENDER_EMAIL}>` : SMTP_USER,
         to: data.email,
         subject: this.locale('[{{name | safe}}] Registration Confirm Mail', {
           name: SITE_NAME || 'Waline',
@@ -125,8 +111,7 @@ module.exports = class extends BaseRest {
   }
   async putAction() {
-    const { display_name, url, avatar, password, type, label, email } =
-      this.post();
+    const { display_name, url, avatar, password, type, label, email } = this.post();
     const { objectId } = this.ctx.state.userInfo;
     const twoFactorAuth = this.post('2fa');
@@ -194,6 +179,7 @@ module.exports = class extends BaseRest {
     return this.success();
   }
+  // oxlint-disable-next-line max-statements
   async getUsersListByCount() {
     const { pageSize } = this.get();
     const commentModel = this.getModel('Comment');
@@ -209,13 +195,11 @@ module.exports = class extends BaseRest {
     counts.sort((a, b) => b.count - a.count);
     counts.length = Math.min(pageSize, counts.length);
-    const userIds = counts
-      .filter(({ user_id }) => user_id)
-      .map(({ user_id }) => user_id);
+    const userIds = counts.filter(({ user_id }) => user_id).map(({ user_id }) => user_id);
-    let usersMap = {};
+    const usersMap = {};
-    if (userIds.length) {
+    if (userIds.length > 0) {
       const users = await this.modelInstance.select({
         objectId: ['IN', userIds],
       });
@@ -237,10 +221,7 @@ module.exports = class extends BaseRest {
         let level = 0;
         if (user.count) {
-          const _level = think.findLastIndex(
-            this.config('levels'),
-            (l) => l <= user.count,
-          );
+          const _level = think.findLastIndex(this.config('levels'), (level) => level <= user.count);
           if (_level !== -1) {
             level = _level;
@@ -250,15 +231,10 @@ module.exports = class extends BaseRest {
       }
       if (count.user_id && users[count.user_id]) {
-        const {
-          display_name: nick,
-          url: link,
-          avatar: avatarUrl,
-          label,
-        } = users[count.user_id];
+        const { display_name: nick, url: link, avatar: avatarUrl, label } = users[count.user_id];
         const avatar =
           avatarProxy && !avatarUrl.includes(avatarProxy)
-            ? avatarProxy + '?url=' + encodeURIComponent(avatarUrl)
+            ? `${avatarProxy}?url=${encodeURIComponent(avatarUrl)}`
             : avatarUrl;
         Object.assign(user, { nick, link, avatar, label });
@@ -266,15 +242,12 @@ module.exports = class extends BaseRest {
         continue;
       }
-      const comments = await commentModel.select(
-        { mail: count.mail },
-        { limit: 1 },
-      );
+      const comments = await commentModel.select({ mail: count.mail }, { limit: 1 });
       if (think.isEmpty(comments)) {
         continue;
       }
-      const comment = comments[0];
+      const [comment] = comments;
       if (think.isEmpty(comment)) {
         continue;
@@ -283,7 +256,7 @@ module.exports = class extends BaseRest {
       const avatarUrl = await think.service('avatar').stringify(comment);
       const avatar =
         avatarProxy && !avatarUrl.includes(avatarProxy)
-          ? avatarProxy + '?url=' + encodeURIComponent(avatarUrl)
+          ? `${avatarProxy}?url=${encodeURIComponent(avatarUrl)}`
           : avatarUrl;
       Object.assign(user, { nick, link, avatar });

package/src/controller/verification.js CHANGED Viewed

@@ -21,10 +21,11 @@ module.exports = class extends BaseRest {
       return this.fail(this.locale('USER_REGISTERED'));
     }
-    if (token === match[1] && Date.now() < parseInt(match[2])) {
+    if (token === match[1] && Date.now() < Number.parseInt(match[2])) {
       await this.modelInstance.update({ type: 'guest' }, { email });
-      return this.redirect('/ui/login');
+      this.redirect('/ui/login');
+      return;
     }
     return this.fail(this.locale('TOKEN_EXPIRED'));

package/src/extend/think.js CHANGED Viewed

@@ -1,10 +1,24 @@
-const ip2region = require('dy-node-ip2region');
-const helper = require('think-helper');
+const IP2Region = require('ip2region').default;
 const parser = require('ua-parser-js');
 const preventMessage = 'PREVENT_NEXT_PROCESS';
-const regionSearch = ip2region.create(process.env.IP2REGION_DB);
+// Cached IP2Region instance using IIFE closure pattern
+// Instance is created on first access and reused for all subsequent calls
+const getIP2RegionInstance = (() => {
+  let instance = null;
+  return () => {
+    if (!instance) {
+      instance = new IP2Region({
+        ipv4db: process.env.IP2REGION_DB_V4 || process.env.IP2REGION_DB,
+        ipv6db: process.env.IP2REGION_DB_V6,
+      });
+    }
+    return instance;
+  };
+})();
 const OS_VERSION_MAP = {
   Windows: {
@@ -34,15 +48,17 @@ module.exports = {
   },
   promiseAllQueue(promises, taskNum) {
     return new Promise((resolve, reject) => {
-      if (!promises.length) {
-        return resolve();
+      if (promises.length === 0) {
+        resolve();
+        return;
       }
       const ret = [];
       let index = 0;
       let count = 0;
-      function runTask() {
+      const runTask = () => {
         const idx = index;
         index += 1;
@@ -59,7 +75,7 @@ module.exports = {
           return runTask();
         }, reject);
-      }
+      };
       for (let i = 0; i < taskNum; i++) {
         runTask();
@@ -67,21 +83,17 @@ module.exports = {
     });
   },
   async ip2region(ip, { depth = 1 }) {
-    if (!ip || ip.includes(':')) return '';
+    if (!ip) return '';
     try {
-      const search = helper.promisify(regionSearch.btreeSearch, regionSearch);
-      const result = await search(ip);
+      const res = getIP2RegionInstance().search(ip);
-      if (!result) {
+      if (!res) {
         return '';
       }
-      const { region } = result;
-      const [, , province, city, isp] = region.split('|');
-      const address = Array.from(
-        new Set([province, city, isp].filter((v) => v)),
-      );
+      const { province, city, isp } = res;
+      const address = [...new Set([province, city, isp].filter(Boolean))];
       return address.slice(0, depth).join(' ');
     } catch (err) {
       console.log(err);
@@ -106,7 +118,7 @@ module.exports = {
       return defaultLevel;
     }
-    const level = think.findLastIndex(levels, (l) => l <= val);
+    const level = think.findLastIndex(levels, (level) => level <= val);
     return level === -1 ? defaultLevel : level;
   },
@@ -141,7 +153,7 @@ module.exports = {
       }
       if (think.isArray(middleware)) {
-        return middleware.filter((m) => think.isFunction(m));
+        return middleware.filter((middleware) => think.isFunction(middleware));
       }
     });
@@ -149,10 +161,8 @@ module.exports = {
   },
   getPluginHook(hookName) {
     return think
-      .pluginMap('hooks', (hook) =>
-        think.isFunction(hook[hookName]) ? hook[hookName] : undefined,
-      )
-      .filter((v) => v);
+      .pluginMap('hooks', (hook) => (think.isFunction(hook[hookName]) ? hook[hookName] : null))
+      .filter(Boolean);
   },
   buildUrl(path, query = {}) {
     const notEmptyQuery = {};
@@ -169,7 +179,7 @@ module.exports = {
     let destUrl = path;
     if (destUrl && notEmptyQueryStr) {
-      destUrl += destUrl.indexOf('?') !== -1 ? '&' : '?';
+      destUrl += destUrl.includes('?') ? '&' : '?';
     }
     if (notEmptyQueryStr) {
       destUrl += notEmptyQueryStr;

package/src/logic/base.js CHANGED Viewed

@@ -3,7 +3,7 @@ const qs = require('node:querystring');
 const jwt = require('jsonwebtoken');
-module.exports = class extends think.Logic {
+module.exports = class BaseLogic extends think.Logic {
   constructor(...args) {
     super(...args);
     this.modelInstance = this.getModel('Users');
@@ -11,26 +11,25 @@ module.exports = class extends think.Logic {
     this.id = this.getId();
   }
+  // oxlint-disable-next-line max-statements
   async __before() {
     const referrer = this.ctx.referrer(true);
-    let origin = this.ctx.origin;
+    let { origin } = this.ctx;
     if (origin) {
       try {
         const parsedOrigin = new URL(origin);
         origin = parsedOrigin.hostname;
-      } catch (e) {
-        console.error('Invalid origin format:', origin, e);
+      } catch (err) {
+        console.error('Invalid origin format:', origin, err);
       }
     }
     let { secureDomains } = this.config();
     if (secureDomains) {
-      secureDomains = think.isArray(secureDomains)
-        ? secureDomains
-        : [secureDomains];
+      secureDomains = think.isArray(secureDomains) ? secureDomains : [secureDomains];
       secureDomains.push(
         'localhost',
@@ -41,27 +40,20 @@ module.exports = class extends think.Logic {
         // 'api.weibo.com',
         // 'graph.qq.com',
       );
-      secureDomains = secureDomains.concat(
-        this.ctx.state.oauthServices.map(({ origin }) => origin),
-      );
+      secureDomains = [
+        ...secureDomains,
+        ...this.ctx.state.oauthServices.map(({ origin }) => origin),
+      ];
       // 转换可能的正则表达式字符串为正则表达式对象
       secureDomains = secureDomains
         .map((domain) => {
           // 如果是正则表达式字符串，创建一个 RegExp 对象
-          if (
-            typeof domain === 'string' &&
-            domain.startsWith('/') &&
-            domain.endsWith('/')
-          ) {
+          if (typeof domain === 'string' && domain.startsWith('/') && domain.endsWith('/')) {
             try {
               return new RegExp(domain.slice(1, -1)); // 去掉斜杠并创建 RegExp 对象
-            } catch (e) {
-              console.error(
-                'Invalid regex pattern in secureDomains:',
-                domain,
-                e,
-              );
+            } catch (err) {
+              console.error('Invalid regex pattern in secureDomains:', domain, err);
               return null;
             }
@@ -72,11 +64,9 @@ module.exports = class extends think.Logic {
         .filter(Boolean); // 过滤掉无效的正则表达式
       // 有 referrer 检查 referrer，没有则检查 origin
-      const checking = referrer ? referrer : origin;
+      const checking = referrer || origin;
       const isSafe = secureDomains.some((domain) =>
-        think.isFunction(domain.test)
-          ? domain.test(checking)
-          : domain === checking,
+        think.isFunction(domain.test) ? domain.test(checking) : domain === checking,
       );
       if (!isSafe) {
@@ -96,8 +86,8 @@ module.exports = class extends think.Logic {
     try {
       userId = jwt.verify(token, think.config('jwtKey'));
-    } catch (e) {
-      think.logger.debug(e);
+    } catch (err) {
+      think.logger.debug(err);
     }
     if (think.isEmpty(userId) || !think.isString(userId)) {
@@ -125,19 +115,19 @@ module.exports = class extends think.Logic {
       return;
     }
-    const userInfo = user[0];
+    const [userInfo] = user;
-    let avatarUrl = userInfo.avatar
-      ? userInfo.avatar
-      : await think.service('avatar').stringify({
-          mail: userInfo.email,
-          nick: userInfo.display_name,
-          link: userInfo.url,
-        });
+    let avatarUrl =
+      userInfo.avatar ||
+      (await think.service('avatar').stringify({
+        mail: userInfo.email,
+        nick: userInfo.display_name,
+        link: userInfo.url,
+      }));
     const { avatarProxy } = think.config();
     if (avatarProxy) {
-      avatarUrl = avatarProxy + '?url=' + encodeURIComponent(avatarUrl);
+      avatarUrl = `${avatarProxy}?url=${encodeURIComponent(avatarUrl)}`;
     }
     userInfo.avatar = avatarUrl;
     this.ctx.state.userInfo = userInfo;
@@ -148,7 +138,7 @@ module.exports = class extends think.Logic {
     const filename = this.__filename || __filename;
     const last = filename.lastIndexOf(path.sep);
-    return filename.substr(last + 1, filename.length - last - 4);
+    return filename.slice(last + 1, filename.length - last - 4);
   }
   getId() {
@@ -205,28 +195,22 @@ module.exports = class extends think.Logic {
       remoteip: this.ctx.ip,
     });
-    const requestUrl = method === 'GET' ? api + '?' + query : api;
+    const requestUrl = method === 'GET' ? `${api}?${query}` : api;
     const options =
       method === 'GET'
         ? {}
         : {
             method,
             headers: {
-              'content-type':
-                'application/x-www-form-urlencoded; charset=UTF-8',
+              'content-type': 'application/x-www-form-urlencoded; charset=UTF-8',
             },
             body: query,
           };
-    const response = await fetch(requestUrl, options).then((resp) =>
-      resp.json(),
-    );
+    const response = await fetch(requestUrl, options).then((resp) => resp.json());
     if (!response.success) {
-      think.logger.debug(
-        'RecaptchaV3 or Turnstile Result:',
-        JSON.stringify(response, null, '\t'),
-      );
+      think.logger.debug('RecaptchaV3 or Turnstile Result:', JSON.stringify(response, null, '\t'));
       return this.ctx.throw(403);
     }

package/src/logic/comment.js CHANGED Viewed

@@ -1,6 +1,6 @@
 const Base = require('./base.js');
-module.exports = class extends Base {
+module.exports = class CommentLogic extends Base {
   checkAdmin() {
     const { userInfo } = this.ctx.state;
@@ -117,7 +117,7 @@ module.exports = class extends Base {
     }
     switch (type) {
-      case 'recent':
+      case 'recent': {
         this.rules = {
           count: {
             int: { max: 50 },
@@ -125,14 +125,16 @@ module.exports = class extends Base {
           },
         };
         break;
+      }
-      case 'count':
+      case 'count': {
         this.rules = {
           url: {
             array: true,
           },
         };
         break;
+      }
       case 'list': {
         const { userInfo } = this.ctx.state;
@@ -153,7 +155,7 @@ module.exports = class extends Base {
         break;
       }
-      default:
+      default: {
         this.rules = {
           path: {
             string: true,
@@ -173,6 +175,7 @@ module.exports = class extends Base {
           },
         };
         break;
+      }
     }
   }

package/src/logic/db.js CHANGED Viewed

@@ -1,6 +1,6 @@
 const Base = require('./base.js');
-module.exports = class extends Base {
+module.exports = class DatabaseLogic extends Base {
   async __before(...args) {
     await super.__before(...args);

package/src/logic/token.js CHANGED Viewed

@@ -34,8 +34,8 @@ module.exports = class extends Base {
    * @apiSuccess  (200) {Number}  errno 0
    * @apiSuccess  (200) {String}  errmsg  return error message if error
    */
-  postAction() {
-    return this.useCaptchaCheck();
+  async postAction() {
+    await this.useCaptchaCheck();
   }
   /**

package/src/middleware/dashboard.js CHANGED Viewed

@@ -1,3 +1,4 @@
+// oxlint-disable-next-line func-names
 module.exports = function () {
   return (ctx) => {
     ctx.type = 'html';

package/src/middleware/plugin.js CHANGED Viewed

@@ -3,7 +3,7 @@ const compose = require('koa-compose');
 module.exports = () => async (ctx, next) => {
   const middlewares = think.getPluginMiddlewares();
-  if (!think.isArray(middlewares) || !middlewares.length) {
+  if (!think.isArray(middlewares) || middlewares.length === 0) {
     return next();
   }

package/src/service/akismet.js CHANGED Viewed

@@ -2,6 +2,7 @@ const Akismet = require('akismet');
 const DEFAULT_KEY = '70542d86693e';
+// oxlint-disable-next-line func-names
 module.exports = function (comment, blog) {
   let { AKISMET_KEY, SITE_URL } = process.env;
@@ -13,14 +14,18 @@ module.exports = function (comment, blog) {
     return Promise.resolve(false);
   }
+  // oxlint-disable-next-line func-names
   return new Promise(function (resolve, reject) {
     const akismet = Akismet.client({ blog, apiKey: AKISMET_KEY });
+    // oxlint-disable-next-line func-names
     akismet.verifyKey(function (err, verifyKey) {
       if (err) {
-        return reject(err);
+        reject(err);
+        return;
       } else if (!verifyKey) {
-        return reject(new Error('Akismet API_KEY verify failed!'));
+        reject(new Error('Akismet API_KEY verify failed!'));
+        return;
       }
       akismet.checkComment(
@@ -30,9 +35,11 @@ module.exports = function (comment, blog) {
           comment_author: comment.nick,
           comment_content: comment.comment,
         },
+        // oxlint-disable-next-line func-names
         function (err, spam) {
           if (err) {
-            return reject(err);
+            reject(err);
+            return;
           }
           resolve(spam);
         },

package/src/service/avatar.js CHANGED Viewed

@@ -1,4 +1,4 @@
-const crypto = require('crypto');
+const crypto = require('node:crypto');
 const nunjucks = require('nunjucks');
 const helper = require('think-helper');
@@ -8,9 +8,7 @@ const { GRAVATAR_STR } = process.env;
 const env = new nunjucks.Environment();
 env.addFilter('md5', (str) => helper.md5(str));
-env.addFilter('sha256', (str) =>
-  crypto.createHash('sha256').update(str).digest('hex'),
-);
+env.addFilter('sha256', (str) => crypto.createHash('sha256').update(str).digest('hex'));
 const DEFAULT_GRAVATAR_STR = `{%- set numExp = r/^[0-9]+$/g -%}
 {%- set qqMailExp = r/^[0-9]+@qq.com$/ig -%}

package/src/service/markdown/highlight.js CHANGED Viewed

@@ -7,7 +7,7 @@ rawLoadLanguages.silent = true;
 const loadLanguages = (languages = []) => {
   const langsToLoad = languages.filter((item) => !prism.languages[item]);
-  if (langsToLoad.length) {
+  if (langsToLoad.length > 0) {
     rawLoadLanguages(langsToLoad);
   }
 };

package/src/service/markdown/mathCommon.js CHANGED Viewed

@@ -12,11 +12,7 @@ const isValidDelim = (state, pos) => {
      * Check non-whitespace conditions for opening and closing, and
      * check that closing delimiter isn’t followed by a number
      */
-    canClose: !(
-      prevChar === ' ' ||
-      prevChar === '\t' ||
-      /[0-9]/u.exec(nextChar)
-    ),
+    canClose: !(prevChar === ' ' || prevChar === '\t' || /[0-9]/u.exec(nextChar)),
   };
 };
@@ -141,9 +137,7 @@ const blockTeX = (state, start, end, silent) => {
       ? `${firstLine}\n`
       : '') +
     state.getLines(start + 1, next, state.tShift[start], true) +
-    ((lastLine === null || lastLine === void 0 ? void 0 : lastLine.trim())
-      ? lastLine
-      : '');
+    ((lastLine === null || lastLine === void 0 ? void 0 : lastLine.trim()) ? lastLine : '');
   token.map = [start, state.line];
   token.markup = '$$';