@waline/vercel 1.39.1 → 1.39.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/package.json +1 -1
  2. package/src/controller/oauth.js +5 -7
  3. package/src/logic/base.js +2 -4
  4. package/src/service/markdown/xss.js +7 -0
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@waline/vercel",
3
- "version": "1.39.1",
3
+ "version": "1.39.3",
4
4
  "description": "vercel server for waline comment system",
5
5
  "keywords": [
6
6
  "blog",
package/src/controller/oauth.js CHANGED
@@ -7,12 +7,10 @@ module.exports = class extends think.Controller {
7
7
  }
8
8
 
9
9
  async indexAction() {
10
- const { code, oauth_verifier, oauth_token, type, redirect } = this.get();
10
+ const { code, state, type, redirect } = this.get();
11
11
  const { oauthUrl } = this.config();
12
12
 
13
- const hasCode = type === 'twitter' ? oauth_token && oauth_verifier : Boolean(code);
14
-
15
- if (!hasCode) {
13
+ if (!code) {
16
14
  const { serverURL } = this.ctx;
17
15
  const redirectUrl = think.buildUrl(`${serverURL}/api/oauth`, {
18
16
  redirect,
@@ -31,7 +29,7 @@ module.exports = class extends think.Controller {
31
29
  /**
32
30
  * user = { id, name, email, avatar,url };
33
31
  */
34
- const params = { code, oauth_verifier, oauth_token };
32
+ const params = { code, state };
35
33
 
36
34
  if (type === 'facebook') {
37
35
  const { serverURL } = this.ctx;
@@ -102,14 +100,14 @@ module.exports = class extends think.Controller {
102
100
  type: think.isEmpty(count) ? 'administrator' : 'guest',
103
101
  };
104
102
 
105
- await this.modelInstance.add(data);
103
+ const cmtUser = await this.modelInstance.add(data);
106
104
 
107
105
  if (!redirect) {
108
106
  return this.success();
109
107
  }
110
108
 
111
109
  // and then generate token!
112
- const token = jwt.sign(user.objectId, this.config('jwtKey'));
110
+ const token = jwt.sign(cmtUser.objectId, this.config('jwtKey'));
113
111
 
114
112
  this.redirect(redirect + (redirect.includes('?') ? '&' : '?') + 'token=' + token);
115
113
  }
package/src/logic/base.js CHANGED
@@ -129,16 +129,14 @@ module.exports = class BaseLogic extends think.Logic {
129
129
  think.isFunction(domain.test) ? domain.test(checking) : domain === checking,
130
130
  );
131
131
 
132
- if (!isSafe) {
133
- return this.ctx.throw(403);
134
- }
132
+ return isSafe;
135
133
  }
136
134
 
137
135
  getResource() {
138
136
  const filename = this.__filename || __filename;
139
137
  const last = filename.lastIndexOf(path.sep);
140
138
 
141
- return filename.slice(last + 1, - 3);
139
+ return filename.slice(last + 1, -3);
142
140
  }
143
141
 
144
142
  getId() {
package/src/service/markdown/xss.js CHANGED
@@ -3,6 +3,13 @@ const { JSDOM } = require('jsdom');
3
3
 
4
4
  const DOMPurify = createDOMPurify(new JSDOM('').window);
5
5
 
6
+ // try to fix https://github.com/walinejs/waline/issues/3238
7
+ DOMPurify.addHook('uponSanitizeElement', (node, data) => {
8
+ if (data.tagName === 'annotation') {
9
+ node.remove();
10
+ }
11
+ });
12
+
6
13
  /**
7
14
  * Add a hook to make all links open a new window
8
15
  * and force their rel to be 'nofollow noreferrer noopener'