@waline/vercel 1.39.2 → 1.39.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/package.json +1 -1
  2. package/src/controller/oauth.js +5 -7
  3. package/src/service/markdown/xss.js +7 -0
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@waline/vercel",
3
- "version": "1.39.2",
3
+ "version": "1.39.3",
4
4
  "description": "vercel server for waline comment system",
5
5
  "keywords": [
6
6
  "blog",
package/src/controller/oauth.js CHANGED
@@ -7,12 +7,10 @@ module.exports = class extends think.Controller {
7
7
  }
8
8
 
9
9
  async indexAction() {
10
- const { code, oauth_verifier, oauth_token, type, redirect } = this.get();
10
+ const { code, state, type, redirect } = this.get();
11
11
  const { oauthUrl } = this.config();
12
12
 
13
- const hasCode = type === 'twitter' ? oauth_token && oauth_verifier : Boolean(code);
14
-
15
- if (!hasCode) {
13
+ if (!code) {
16
14
  const { serverURL } = this.ctx;
17
15
  const redirectUrl = think.buildUrl(`${serverURL}/api/oauth`, {
18
16
  redirect,
@@ -31,7 +29,7 @@ module.exports = class extends think.Controller {
31
29
  /**
32
30
  * user = { id, name, email, avatar,url };
33
31
  */
34
- const params = { code, oauth_verifier, oauth_token };
32
+ const params = { code, state };
35
33
 
36
34
  if (type === 'facebook') {
37
35
  const { serverURL } = this.ctx;
@@ -102,14 +100,14 @@ module.exports = class extends think.Controller {
102
100
  type: think.isEmpty(count) ? 'administrator' : 'guest',
103
101
  };
104
102
 
105
- await this.modelInstance.add(data);
103
+ const cmtUser = await this.modelInstance.add(data);
106
104
 
107
105
  if (!redirect) {
108
106
  return this.success();
109
107
  }
110
108
 
111
109
  // and then generate token!
112
- const token = jwt.sign(user.objectId, this.config('jwtKey'));
110
+ const token = jwt.sign(cmtUser.objectId, this.config('jwtKey'));
113
111
 
114
112
  this.redirect(redirect + (redirect.includes('?') ? '&' : '?') + 'token=' + token);
115
113
  }
package/src/service/markdown/xss.js CHANGED
@@ -3,6 +3,13 @@ const { JSDOM } = require('jsdom');
3
3
 
4
4
  const DOMPurify = createDOMPurify(new JSDOM('').window);
5
5
 
6
+ // try to fix https://github.com/walinejs/waline/issues/3238
7
+ DOMPurify.addHook('uponSanitizeElement', (node, data) => {
8
+ if (data.tagName === 'annotation') {
9
+ node.remove();
10
+ }
11
+ });
12
+
6
13
  /**
7
14
  * Add a hook to make all links open a new window
8
15
  * and force their rel to be 'nofollow noreferrer noopener'