npm - @waline/vercel - Versions diffs - 1.38.0 → 1.39.1 - Mend

@waline/vercel 1.38.0 → 1.39.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/package.json +2 -1
package/src/controller/comment/rss.js +158 -0
package/src/controller/rest.js +1 -2
package/src/locales/index.js +3 -0
package/src/locales/ko-KR.json +19 -0
package/src/logic/base.js +60 -60
package/src/logic/comment/rss.js +54 -0

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@waline/vercel",
-  "version": "1.38.0",
+  "version": "1.39.1",
   "description": "vercel server for waline comment system",
   "keywords": [
     "blog",
@@ -43,6 +43,7 @@
     "nunjucks": "^3.2.4",
     "phpass": "^0.1.1",
     "prismjs": "^1.30.0",
+    "rss": "^1.2.2",
     "speakeasy": "^2.0.0",
     "think-helper": "^1.1.4",
     "think-logger3": "^1.4.0",

package/src/controller/comment/rss.js ADDED Viewed

@@ -0,0 +1,158 @@
+const RSS = require('rss');
+const BaseRest = require('../rest.js');
+const { getMarkdownParser } = require('../../service/markdown/index.js');
+const markdownParser = getMarkdownParser();
+const isHttpUrl = (value) => /^(https?:)?\/\//i.test(value);
+const buildAbsoluteUrl = (baseUrl, path) => {
+  if (!path) return baseUrl || '';
+  if (isHttpUrl(path)) return path;
+  if (!baseUrl) return path;
+  const normalizedBase = baseUrl.endsWith('/') ? baseUrl.slice(0, -1) : baseUrl;
+  const normalizedPath = path.startsWith('/') ? path : `/${path}`;
+  return `${normalizedBase}${normalizedPath}`;
+};
+const buildRssXml = ({ title, link, description, items }) => {
+  const channelLink = link || '';
+  const now = new Date().toUTCString();
+  const feed = new RSS({
+    title,
+    description,
+    site_url: channelLink,
+    pubDate: now,
+  });
+  items.forEach((item) => {
+    feed.item({
+      title: item.title || 'Comment',
+      description: item.description,
+      url: item.link || '',
+      guid: item.guid || item.link || '',
+      date: item.pubDate || now,
+    });
+  });
+  return feed.xml({ indent: true });
+};
+const setRssResponse = (ctx, xml) => {
+  ctx.set('Content-Type', 'application/rss+xml; charset=utf-8');
+  ctx.body = xml;
+};
+module.exports = class extends BaseRest {
+  constructor(ctx) {
+    super(ctx);
+    this.modelInstance = this.getModel('Comment');
+  }
+  async getAction() {
+    const { path, email, user_id: userId, count } = this.get();
+    const limit = Number.isFinite(Number(count)) ? Number(count) : 20;
+    const safeLimit = Math.min(Math.max(limit, 1), 50);
+    const siteUrl = process.env.SITE_URL || this.ctx.serverURL;
+    const siteName = process.env.SITE_NAME || 'Waline';
+    const where = {
+      status: ['NOT IN', ['waiting', 'spam']],
+    };
+    if (path) {
+      where.url = path;
+    } else if (email || userId) {
+      const parentWhere = {
+        status: ['NOT IN', ['waiting', 'spam']],
+      };
+      if (email && userId) {
+        parentWhere._complex = {
+          _logic: 'or',
+          mail: email,
+          user_id: userId,
+        };
+      } else if (email) {
+        parentWhere.mail = email;
+      } else if (userId) {
+        parentWhere.user_id = userId;
+      }
+      const parents = await this.modelInstance.select(parentWhere, {});
+      const parentIds = parents.map(({ objectId }) => objectId).filter(Boolean);
+      if (parentIds.length === 0) {
+        setRssResponse(
+          this.ctx,
+          buildRssXml({
+            title: `${siteName} Reply Comments`,
+            link: siteUrl,
+            description: 'Recent reply comments.',
+            items: [],
+          }),
+        );
+        return;
+      }
+      where.pid = ['IN', parentIds];
+    }
+    const comments = await this.modelInstance.select(where, {
+      desc: 'insertedAt',
+      limit: safeLimit,
+      field: ['comment', 'insertedAt', 'link', 'nick', 'url', 'user_id'],
+    });
+    const userModel = this.getModel('Users');
+    const userIds = [...new Set(comments.map(({ user_id }) => user_id).filter(Boolean))];
+    let users = [];
+    if (userIds.length > 0) {
+      users = await userModel.select(
+        { objectId: ['IN', userIds] },
+        { field: ['display_name', 'url'] },
+      );
+    }
+    const items = comments.map((comment) => {
+      const user = users.find(({ objectId }) => objectId === comment.user_id);
+      const nick = user?.display_name || comment.nick || 'Anonymous';
+      const commentUrl = buildAbsoluteUrl(siteUrl, comment.url);
+      const itemLink = commentUrl ? `${commentUrl}#${comment.objectId}` : '';
+      const description = markdownParser(comment.comment || '');
+      return {
+        title: `${nick} commented${comment.url ? ` on ${comment.url}` : ''}`,
+        link: itemLink || commentUrl,
+        guid: comment.objectId,
+        pubDate: new Date(comment.insertedAt).toUTCString(),
+        description,
+      };
+    });
+    const title = path
+      ? `${siteName} Comments for ${path}`
+      : email || userId
+        ? `${siteName} Reply Comments`
+        : `${siteName} Recent Comments`;
+    const description = path
+      ? `Recent comments for ${path}.`
+      : email || userId
+        ? 'Recent reply comments.'
+        : 'Recent comments.';
+    setRssResponse(
+      this.ctx,
+      buildRssXml({
+        title,
+        link: siteUrl,
+        description,
+        items,
+      }),
+    );
+  }
+};

package/src/controller/rest.js CHANGED Viewed

@@ -21,7 +21,7 @@ module.exports = class extends think.Controller {
     const filename = this.__filename || __filename;
     const last = filename.lastIndexOf(path.sep);
-    return filename.slice(last + 1, filename.length - last - 4);
+    return filename.slice(last + 1, - 3);
   }
   getId() {
@@ -32,7 +32,6 @@ module.exports = class extends think.Controller {
     }
     const last = decodeURIComponent(this.ctx.path.split('/').pop());
     if (last !== this.resource && /^([a-z0-9]+,?)*$/i.test(last)) {
       return last;
     }

package/src/locales/index.js CHANGED Viewed

@@ -3,6 +3,7 @@ const it = require('./it.json');
 const zhCN = require('./zh-CN.json');
 const zhTW = require('./zh-TW.json');
 const jp = require('./jp.json');
+const koKR = require('./ko-KR.json');
 const de = require('./de.json');
 const esMX = require('./es.json');
 const fr = require('./fr.json');
@@ -19,6 +20,8 @@ module.exports = {
   'it-it': it,
   jp,
   'jp-jp': jp,
+  ko: koKR,
+  'ko-kr': koKR,
   de,
   esMX,
   fr,

package/src/locales/ko-KR.json ADDED Viewed

@@ -0,0 +1,19 @@
+{
+  "import data format not support!": "가져오기 데이터 형식이 지원되지 않습니다!",
+  "USER_EXIST": "이미 존재하는 사용자입니다",
+  "USER_NOT_EXIST": "사용자가 존재하지 않습니다",
+  "USER_REGISTERED": "사용자가 등록되었습니다",
+  "TOKEN_EXPIRED": "토큰이 만료되었습니다",
+  "TWO_FACTOR_AUTH_ERROR_DETAIL": "2단계 인증 오류 상세",
+  "[{{name | safe}}] Registration Confirm Mail": "[{{name | safe}}] 가입 확인 메일",
+  "Please click <a href=\"{{url}}\">{{url}}<a/> to confirm registration, the link is valid for 1 hour. If you are not registering, please ignore this email.": "<a href=\"{{url}}\">{{url}}</a>을 클릭하여 가입을 확인해 주세요. 링크는 1시간 동안 유효합니다. 가입하지 않으셨다면 이 이메일을 무시해 주세요.",
+  "[{{name | safe}}] Reset Password": "[{{name | safe}}] 비밀번호 재설정",
+  "Please click <a href=\"{{url}}\">{{url}}</a> to login and change your password as soon as possible!": "<a href=\"{{url}}\">{{url}}</a>을 클릭하여 로그인하고 가능한 빨리 비밀번호를 변경해 주세요!",
+  "Duplicate Content": "중복된 내용",
+  "Comment too fast": "댓글 작성이 너무 빠릅니다",
+  "Registration confirm mail send failed, please {%- if isAdmin -%}check your mail configuration{%- else -%}check your email address and contact administrator{%- endif -%}.": "가입 확인 메일 발송에 실패했습니다. {%- if isAdmin -%}메일 설정을 확인해 주세요{%- else -%}이메일 주소를 확인하고 관리자에게 문의해 주세요{%- endif -%}.",
+  "MAIL_SUBJECT": "{{site.name | safe}}에서 댓글에 답글이 달렸습니다",
+  "MAIL_TEMPLATE": "<div style='border-top:2px solid #12ADDB;box-shadow:0 1px 3px #AAAAAA;line-height:180%;padding:0 15px 12px;margin:50px auto;font-size:12px;'> <h2 style='border-bottom:1px solid #DDD;font-size:14px;font-weight:normal;padding:13px 0 10px 8px;'> <a style='text-decoration:none;color: #12ADDB;' href='{{site.url}}' target='_blank'>{{site.name}}</a>에서 댓글에 답글이 달렸습니다 </h2>{{parent.nick}}님이 작성한 댓글: <div style='padding:0 12px 0 12px;margin-top:18px'> <div style='background-color: #f5f5f5;padding: 10px 15px;margin:18px 0;word-wrap:break-word;'>{{parent.comment | safe}}</div><p><strong>{{self.nick}}</strong>님이 답글을 남겼습니다:</p><div style='background-color: #f5f5f5;padding: 10px 15px;margin:18px 0;word-wrap:break-word;'>{{self.comment | safe}}</div><p><a style='text-decoration:none; color:#12addb' href='{{site.postUrl}}' target='_blank'>전체 답글 보기</a> 또는 <a style='text-decoration:none; color:#12addb' href='{{site.url}}' target='_blank'>{{site.name}}</a> 방문.</p><br/> </div></div>",
+  "MAIL_SUBJECT_ADMIN": "{{site.name | safe}}에 새 댓글이 달렸습니다",
+  "MAIL_TEMPLATE_ADMIN": "<div style='border-top:2px solid #12ADDB;box-shadow:0 1px 3px #AAAAAA;line-height:180%;padding:0 15px 12px;margin:50px auto;font-size:12px;'> <h2 style='border-bottom:1px solid #DDD;font-size:14px;font-weight:normal;padding:13px 0 10px 8px;'> <a style='text-decoration:none;color: #12ADDB;' href='{{site.url}}' target='_blank'>{{site.name}}</a>에 새 댓글이 달렸습니다 </h2> <p><strong>{{self.nick}}</strong>님이 작성했습니다:</p><div style='background-color: #f5f5f5;padding: 10px 15px;margin:18px 0;word-wrap:break-word;'>{{self.comment | safe}}</div><p><a style='text-decoration:none; color:#12addb' href='{{site.postUrl}}' target='_blank'>페이지 보기</a></p><br/></div>"
+}

package/src/logic/base.js CHANGED Viewed

@@ -13,65 +13,9 @@ module.exports = class BaseLogic extends think.Logic {
   // oxlint-disable-next-line max-statements
   async __before() {
-    const referrer = this.ctx.referrer(true);
-    let { origin } = this.ctx;
-    if (origin) {
-      try {
-        const parsedOrigin = new URL(origin);
-        origin = parsedOrigin.hostname;
-      } catch (err) {
-        console.error('Invalid origin format:', origin, err);
-      }
-    }
-    let { secureDomains } = this.config();
-    if (secureDomains) {
-      secureDomains = think.isArray(secureDomains) ? secureDomains : [secureDomains];
-      secureDomains.push(
-        'localhost',
-        '127.0.0.1',
-        // 'github.com',
-        // 'api.twitter.com',
-        // 'www.facebook.com',
-        // 'api.weibo.com',
-        // 'graph.qq.com',
-      );
-      secureDomains = [
-        ...secureDomains,
-        ...this.ctx.state.oauthServices.map(({ origin }) => origin),
-      ];
-      // 转换可能的正则表达式字符串为正则表达式对象
-      secureDomains = secureDomains
-        .map((domain) => {
-          // 如果是正则表达式字符串，创建一个 RegExp 对象
-          if (typeof domain === 'string' && domain.startsWith('/') && domain.endsWith('/')) {
-            try {
-              return new RegExp(domain.slice(1, -1)); // 去掉斜杠并创建 RegExp 对象
-            } catch (err) {
-              console.error('Invalid regex pattern in secureDomains:', domain, err);
-              return null;
-            }
-          }
-          return domain;
-        })
-        .filter(Boolean); // 过滤掉无效的正则表达式
-      // 有 referrer 检查 referrer，没有则检查 origin
-      const checking = referrer || origin;
-      const isSafe = secureDomains.some((domain) =>
-        think.isFunction(domain.test) ? domain.test(checking) : domain === checking,
-      );
-      if (!isSafe) {
-        return this.ctx.throw(403);
-      }
+    const referrerCheckResult = this.referrerCheck();
+    if (!referrerCheckResult) {
+      return this.ctx.throw(403);
     }
     this.ctx.state.userInfo = {};
@@ -134,11 +78,67 @@ module.exports = class BaseLogic extends think.Logic {
     this.ctx.state.token = token;
   }
+  referrerCheck() {
+    let { secureDomains } = this.config();
+    if (!secureDomains) {
+      return true;
+    }
+    const whitelistPath = ['/api/comment/rss'];
+    if (this.ctx.path && whitelistPath.includes(this.ctx.path)) {
+      return true;
+    }
+    const referrer = this.ctx.referrer(true);
+    let { origin } = this.ctx;
+    if (origin) {
+      try {
+        const parsedOrigin = new URL(origin);
+        origin = parsedOrigin.hostname;
+      } catch (err) {
+        console.error('Invalid origin format:', origin, err);
+      }
+    }
+    secureDomains = think.isArray(secureDomains) ? secureDomains : [secureDomains];
+    secureDomains.push('localhost', '127.0.0.1');
+    secureDomains = [...secureDomains, ...this.ctx.state.oauthServices.map(({ origin }) => origin)];
+    // 转换可能的正则表达式字符串为正则表达式对象
+    secureDomains = secureDomains
+      .map((domain) => {
+        // 如果是正则表达式字符串，创建一个 RegExp 对象
+        if (typeof domain === 'string' && domain.startsWith('/') && domain.endsWith('/')) {
+          try {
+            return new RegExp(domain.slice(1, -1)); // 去掉斜杠并创建 RegExp 对象
+          } catch (err) {
+            console.error('Invalid regex pattern in secureDomains:', domain, err);
+            return null;
+          }
+        }
+        return domain;
+      })
+      .filter(Boolean); // 过滤掉无效的正则表达式
+    // 有 referrer 检查 referrer，没有则检查 origin
+    const checking = referrer || origin;
+    const isSafe = secureDomains.some((domain) =>
+      think.isFunction(domain.test) ? domain.test(checking) : domain === checking,
+    );
+    if (!isSafe) {
+      return this.ctx.throw(403);
+    }
+  }
   getResource() {
     const filename = this.__filename || __filename;
     const last = filename.lastIndexOf(path.sep);
-    return filename.slice(last + 1, filename.length - last - 4);
+    return filename.slice(last + 1, - 3);
   }
   getId() {

package/src/logic/comment/rss.js ADDED Viewed

@@ -0,0 +1,54 @@
+const Base = require('../base.js');
+module.exports = class extends Base {
+  /**
+   * @api {GET} /api/comment/rss Get site recent comments RSS
+   * @apiGroup Comment
+   * @apiVersion  0.0.1
+   *
+   * @apiParam  {String}  [count]  return comments number, default value is 20
+   *
+   * @apiHeader  {String}  Content-Type  application/rss+xml
+   * @apiSuccess  (200) {String}  body  RSS 2.0 xml content
+   */
+  /**
+   * @api {GET} /api/comment/rss?path= Get comments RSS for a path
+   * @apiGroup Comment
+   * @apiVersion  0.0.1
+   *
+   * @apiParam  {String}  path  comment url path
+   * @apiParam  {String}  [count]  return comments number, default value is 20
+   *
+   * @apiHeader  {String}  Content-Type  application/rss+xml
+   * @apiSuccess  (200) {String}  body  RSS 2.0 xml content
+   */
+  /**
+   * @api {GET} /api/comment/rss?email=&user_id= Get reply comments RSS for user
+   * @apiGroup Comment
+   * @apiVersion  0.0.1
+   *
+   * @apiParam  {String}  [email]  comment user email
+   * @apiParam  {String}  [user_id]  comment user id
+   * @apiParam  {String}  [count]  return comments number, default value is 20
+   *
+   * @apiHeader  {String}  Content-Type  application/rss+xml
+   * @apiSuccess  (200) {String}  body  RSS 2.0 xml content
+   */
+  getAction() {
+    this.rules = {
+      path: {
+        string: true,
+      },
+      email: {
+        email: true,
+      },
+      user_id: {
+        string: true,
+      },
+      count: {
+        int: { max: 50 },
+        default: 20,
+      },
+    };
+  }
+};