@waline/vercel 1.7.0 → 1.9.0

package/README.md

@@ -1,6 +1,6 @@
-## @waline/vercel
+# @waline/vercel
 
-![](https://img.shields.io/npm/v/@waline/vercel?color=blue&logo=npm&style=flat-square)
+![Version](https://img.shields.io/npm/v/@waline/vercel?color=blue&logo=npm&style=flat-square)
 
 This is the backend for Waline comment system.
 
@@ -20,6 +20,6 @@ We support [Akismet](https://akismet.com/) spam protection service default. If y
 
 ## Deploy
 
-[ ![](https://vercel.com/button) ](https://vercel.com/import/project?template=https://github.com/walinejs/waline/tree/main/example)
+[![Deploy button](https://vercel.com/button)](https://vercel.com/import/project?template=https://github.com/walinejs/waline/tree/main/example)
 
 Click it to deploy quickly!

package/package.json

@@ -1,41 +1,40 @@
 {
   "name": "@waline/vercel",
-  "version": "1.7.0",
+  "version": "1.9.0",
   "description": "vercel server for waline comment system",
   "repository": "https://github.com/walinejs/waline",
   "license": "MIT",
   "author": "lizheming <i@imnerd.org>",
   "dependencies": {
-    "@byteinspire/api": "^1.0.12",
-    "@cloudbase/node-sdk": "^2.7.1",
-    "@koa/cors": "^3.1.0",
+    "@cloudbase/node-sdk": "^2.9.0",
+    "@koa/cors": "^3.2.0",
     "akismet": "^2.0.6",
-    "deta": "^1.0.1",
-    "dompurify": "^2.3.3",
+    "deta": "^1.1.0",
+    "dompurify": "^2.3.6",
     "fast-csv": "^4.3.6",
-    "jsdom": "^18.0.0",
+    "jsdom": "^19.0.0",
     "jsonwebtoken": "^8.5.1",
-    "katex": "^0.13.23",
-    "leancloud-storage": "^4.12.0",
+    "katex": "^0.15.3",
+    "leancloud-storage": "^4.12.2",
     "markdown-it": "^12.3.2",
     "markdown-it-emoji": "^2.0.0",
     "markdown-it-sub": "^1.0.0",
     "markdown-it-sup": "^1.0.0",
     "mathjax-full": "^3.2.0",
-    "nodemailer": "^6.7.0",
+    "nodemailer": "^6.7.3",
     "nunjucks": "^3.2.3",
     "phpass": "^0.1.1",
-    "prismjs": "^1.25.0",
+    "prismjs": "^1.27.0",
     "request": "^2.88.2",
     "request-promise-native": "^1.0.9",
-    "think-logger3": "^1.2.1",
+    "think-logger3": "^1.3.1",
     "think-model": "^1.5.4",
-    "think-model-mysql": "^1.1.6",
+    "think-model-mysql": "^1.1.7",
     "think-model-postgresql": "^1.1.6",
     "think-model-sqlite": "^1.2.2",
     "think-mongo": "^2.1.2",
     "think-router-rest": "^1.0.5",
     "thinkjs": "^3.2.14",
-    "ua-parser-js": "^0.7.31"
+    "ua-parser-js": "^1.0.2"
   }
 }

package/src/config/adapter.js

@@ -37,10 +37,9 @@ const {
 } = process.env;
 
 let type = 'common';
-let mongoOpt = {
-  replicaSet: MONGO_REPLICASET,
-  authSource: MONGO_AUTHSOURCE,
-};
+const mongoOpt = {};
+if (MONGO_REPLICASET) mongoOpt.replicaSet = MONGO_REPLICASET;
+if (MONGO_AUTHSOURCE) mongoOpt.authSource = MONGO_AUTHSOURCE;
 
 if (MONGO_DB) {
   type = 'mongo';

package/src/config/config.js

@@ -17,7 +17,6 @@ const {
   AVATAR_PROXY,
   GITHUB_TOKEN,
   DETA_PROJECT_KEY,
-  INSPIRECLOUD_SERVICE_SECRET,
   OAUTH_URL,
 
   MARKDOWN_CONFIG = '{}',
@@ -64,9 +63,6 @@ if (LEAN_KEY) {
 } else if (DETA_PROJECT_KEY) {
   storage = 'deta';
   jwtKey = jwtKey || DETA_PROJECT_KEY;
-} else if (INSPIRECLOUD_SERVICE_SECRET) {
-  storage = 'inspirecloud';
-  jwtKey = jwtKey || INSPIRECLOUD_SERVICE_SECRET;
 }
 
 if (think.env === 'cloudbase' && storage === 'sqlite') {

package/src/controller/comment.js

@@ -441,7 +441,12 @@ module.exports = class extends BaseRest {
 
   async putAction() {
     const data = this.post();
-    const oldData = await this.modelInstance.select({ objectId: this.id });
+    let oldData = await this.modelInstance.select({ objectId: this.id });
+    if (think.isEmpty(oldData)) {
+      return this.success();
+    }
+
+    oldData = oldData[0];
     const preUpdateResp = await this.hook('preUpdate', {
       ...data,
       objectId: this.id,
@@ -451,18 +456,22 @@ module.exports = class extends BaseRest {
       return this.fail(preUpdateResp);
     }
 
-    await this.modelInstance.update(data, { objectId: this.id });
+    const newData = await this.modelInstance.update(data, {
+      objectId: this.id,
+    });
 
     if (
       oldData.status === 'waiting' &&
       data.status === 'approved' &&
       oldData.pid
     ) {
-      let pComment = await this.modelInstance.select({ objectId: oldData.pid });
+      let pComment = await this.modelInstance.select({
+        objectId: oldData.pid,
+      });
       pComment = pComment[0];
 
       const notify = this.service('notify');
-      await notify.run(oldData, pComment, true);
+      await notify.run(newData, pComment, true);
     }
 
     await this.hook('postUpdate', data);

package/src/controller/db.js

@@ -0,0 +1,56 @@
+const fs = require('fs/promises');
+const BaseRest = require('./rest');
+
+module.exports = class extends BaseRest {
+  async getAction() {
+    const exportData = {
+      type: 'waline',
+      version: 1,
+      time: Date.now(),
+      tables: ['Comment', 'Counter', 'Users'],
+      data: {
+        Comment: [],
+        Counter: [],
+        Users: [],
+      },
+    };
+
+    for (let i = 0; i < exportData.tables.length; i++) {
+      const tableName = exportData.tables[i];
+      const model = this.model(tableName);
+      const data = await model.select({});
+      exportData.data[tableName] = data;
+    }
+
+    return this.success(exportData);
+  }
+
+  async postAction() {
+    const file = this.file('file');
+    try {
+      const jsonText = await fs.readFile(file.path, 'utf-8');
+      const importData = JSON.parse(jsonText);
+      if (!importData || importData.type !== 'waline') {
+        return this.fail('import data format not support!');
+      }
+
+      for (let i = 0; i < importData.tables.length; i++) {
+        const tableName = importData.tables[i];
+        const model = this.model(tableName);
+
+        // delete all data at first
+        await model.delete({});
+        // then add data one by one
+        for (let j = 0; j < importData.data[tableName].length; j++) {
+          await model.add(importData.data[tableName][j]);
+        }
+      }
+      return this.success();
+    } catch (e) {
+      if (think.isPrevent(e)) {
+        return this.success();
+      }
+      return this.fail(e.message);
+    }
+  }
+};

package/src/controller/index.js

@@ -19,10 +19,11 @@ module.exports = class extends think.Controller {
           'color: white; background: #0078E7; padding:5px 0;',
           'padding:4px;border:1px solid #0078E7;'
         );
+        const params = new URLSearchParams(location.search.slice(1));
         const waline = new Waline({
           el: '#waline',
-          path: '/',
-          lang: new URLSearchParams(location.search.slice(1)).get('lng'),
+          path: params.get('path') || '/',
+          lang: params.get('lng'),
           serverURL: location.protocol + '//' + location.host + location.pathname.replace(/\\/+$/, '')
         });
       </script>

package/src/logic/base.js

@@ -17,7 +17,13 @@ module.exports = class extends think.Logic {
       secureDomains = think.isArray(secureDomains)
         ? secureDomains
         : [secureDomains];
-      secureDomains.push('localhost', '127.0.0.1', 'github.com');
+      secureDomains.push(
+        'localhost',
+        '127.0.0.1',
+        'github.com',
+        'api.twitter.com',
+        'www.facebook.com'
+      );
 
       const match = secureDomains.some((domain) =>
         think.isFunction(domain.test)

package/src/logic/db.js

@@ -0,0 +1,30 @@
+const Base = require('./base');
+
+module.exports = class extends Base {
+  async __before(...args) {
+    await super.__before(...args);
+
+    const { userInfo } = this.ctx.state;
+    if (think.isEmpty(userInfo)) {
+      return this.fail(401);
+    }
+
+    if (userInfo.type !== 'administrator') {
+      return this.fail(403);
+    }
+  }
+
+  /**
+   * @api {GET} /db export site data
+   * @apiGroup Site
+   * @apiVersion  0.0.1
+   */
+  async getAction() {}
+
+  /**
+   * @api {GET} /db import site data
+   * @apiGroup Site
+   * @apiVersion  0.0.1
+   */
+  async postAction() {}
+};

package/src/service/avatar.js

@@ -5,6 +5,15 @@ const { GRAVATAR_STR } = process.env;
 const env = new nunjucks.Environment();
 env.addFilter('md5', (str) => helper.md5(str));
 
+const DEFAULT_GRAVATAR_STR = `{%- set numExp = r/^[0-9]+$/g -%}
+{%- set qqMailExp = r/^[0-9]+@qq.com$/ig -%}
+{%- if numExp.test(nick) -%}
+  https://q1.qlogo.cn/g?b=qq&nk={{nick}}&s=100
+{%- elif qqMailExp.test(mail) -%}
+  https://q1.qlogo.cn/g?b=qq&nk={{mail|replace('@qq.com', '')}}&s=100
+{%- else -%}
+  https://seccdn.libravatar.org/avatar/{{mail|md5}}
+{%- endif -%}`;
 module.exports = class extends think.Service {
   async stringify(comment) {
     const fn = think.config('avatarUrl');
@@ -15,8 +24,7 @@ module.exports = class extends think.Service {
       }
     }
 
-    const gravatarStr =
-      GRAVATAR_STR || 'https://seccdn.libravatar.org/avatar/{{mail|md5}}';
+    const gravatarStr = GRAVATAR_STR || DEFAULT_GRAVATAR_STR;
     return env.renderString(gravatarStr, comment);
   }
 };

package/src/service/markdown/xss.js

@@ -28,10 +28,16 @@ DOMPurify.addHook('afterSanitizeAttributes', function (node) {
 });
 
 const sanitize = (content) =>
-  DOMPurify.sanitize(content, {
-    FORBID_TAGS: ['form', 'input', 'style'],
-    FORBID_ATTR: ['autoplay', 'style'],
-  });
+  DOMPurify.sanitize(
+    content,
+    Object.assign(
+      {
+        FORBID_TAGS: ['form', 'input', 'style'],
+        FORBID_ATTR: ['autoplay', 'style'],
+      },
+      think.config('domPurify') || {}
+    )
+  );
 
 module.exports = {
   sanitize,

package/src/service/notify.js

@@ -273,6 +273,50 @@ module.exports = class extends think.Service {
     });
   }
 
+  async pushplus({ title, content }, self, parent) {
+    const {
+      PUSH_PLUS_KEY,
+      PUSH_PLUS_TOPIC: topic,
+      PUSH_PLUS_TEMPLATE: template,
+      PUSH_PLUS_CHANNEL: channel,
+      PUSH_PLUS_WEBHOOK: webhook,
+      PUSH_PLUS_CALLBACKURL: callbackUrl,
+      SITE_NAME,
+      SITE_URL,
+    } = process.env;
+
+    if (!PUSH_PLUS_KEY) {
+      return false;
+    }
+
+    const data = {
+      self,
+      parent,
+      site: {
+        name: SITE_NAME,
+        url: SITE_URL,
+        postUrl: SITE_URL + self.url + '#' + self.objectId,
+      },
+    };
+    title = nunjucks.renderString(title, data);
+    content = nunjucks.renderString(content, data);
+
+    return request({
+      uri: `http://www.pushplus.plus/send/${PUSH_PLUS_KEY}`,
+      method: 'POST',
+      form: {
+        title,
+        content,
+        topic,
+        template,
+        channel,
+        webhook,
+        callbackUrl,
+      },
+      json: true,
+    });
+  }
+
   async run(comment, parent, disableAuthorNotify = false) {
     const { AUTHOR_EMAIL, BLOGGER_EMAIL } = process.env;
     const { mailSubject, mailTemplate, mailSubjectAdmin, mailTemplateAdmin } =
@@ -312,11 +356,10 @@ module.exports = class extends think.Service {
       );
       const qq = await this.qq(comment, parent);
       const telegram = await this.telegram(comment, parent);
+      const pushplus = await this.pushplus({ title, content }, comment, parent);
+      console.log(pushplus);
       if (
-        think.isEmpty(wechat) &&
-        think.isEmpty(qq) &&
-        think.isEmpty(telegram) &&
-        think.isEmpty(qywxAmWechat) &&
+        [wechat, qq, telegram, qywxAmWechat, pushplus].every(think.isEmpty) &&
         !isReplyAuthor
       ) {
         mailList.push({ to: AUTHOR, title, content });

package/src/service/storage/inspirecloud.js

@@ -1,180 +0,0 @@
-const inspirecloud = require('@byteinspire/api');
-const Base = require('./base');
-
-module.exports = class extends Base {
-  constructor(tableName) {
-    super(tableName);
-    this.db = inspirecloud.db;
-  }
-
-  parseWhere(where) {
-    const _where = {};
-    if (think.isEmpty(where)) {
-      return _where;
-    }
-
-    const parseKey = (k) => (k === 'objectId' ? '_id' : k);
-    for (const k in where) {
-      if (k === '_complex') {
-        continue;
-      }
-
-      if (think.isString(where[k])) {
-        _where[parseKey(k)] =
-          k === 'objectId' ? this.db.ObjectId(where[k]) : where[k];
-        continue;
-      }
-      if (where[k] === undefined) {
-        _where[parseKey(k)] = undefined;
-      }
-      if (Array.isArray(where[k])) {
-        if (where[k][0]) {
-          const handler = where[k][0].toUpperCase();
-          switch (handler) {
-            case 'IN':
-              _where[parseKey(k)] = {
-                $in:
-                  k === 'objectId'
-                    ? where[k][1].map(this.db.ObjectId)
-                    : where[k][1],
-              };
-              break;
-            case 'NOT IN':
-              _where[parseKey(k)] = {
-                $nin:
-                  k === 'objectId'
-                    ? where[k][1].map(this.db.ObjectId)
-                    : where[k][1],
-              };
-              break;
-            case 'LIKE': {
-              const first = where[k][1][0];
-              const last = where[k][1].slice(-1);
-              let reg;
-              if (first === '%' && last === '%') {
-                reg = new RegExp(where[k][1].slice(1, -1));
-              } else if (first === '%') {
-                reg = new RegExp(where[k][1].slice(1) + '$');
-              } else if (last === '%') {
-                reg = new RegExp('^' + where[k][1].slice(0, -1));
-              }
-              _where[parseKey(k)] = { $regex: reg };
-              break;
-            }
-            case '!=':
-              _where[parseKey(k)] = { $ne: where[k] };
-              break;
-            case '>':
-              _where[parseKey(k)] = { $gt: where[k] };
-              break;
-          }
-        }
-      }
-    }
-
-    return _where;
-  }
-
-  where(where) {
-    const filter = this.parseWhere(where);
-    if (!where._complex) {
-      return filter;
-    }
-
-    const filters = [];
-    for (const k in where._complex) {
-      if (k === '_logic') {
-        continue;
-      }
-
-      filters.push({
-        ...this.parseWhere({ [k]: where._complex[k] }),
-        ...filter,
-      });
-    }
-
-    return { [`$${where._complex._logic}`]: filters };
-  }
-
-  async _select(where, { desc, limit, offset, field } = {}) {
-    const instance = this.db.table(this.tableName);
-    const query = instance.where(this.where(where));
-
-    if (desc) {
-      query.sort({ [desc]: -1 });
-    }
-    if (limit) {
-      query.limit(limit);
-    }
-    if (offset) {
-      query.skip(offset);
-    }
-    if (field) {
-      const _field = {};
-      field.forEach((f) => {
-        _field[f] = 1;
-      });
-      query.projection(_field);
-    }
-
-    const data = await query.find();
-    data.forEach((item) => {
-      item.objectId = item._id.toString();
-      delete item._id;
-    });
-    return data;
-  }
-
-  async select(where, options = {}) {
-    let data = [];
-    let ret = [];
-    let offset = options.offset || 0;
-    do {
-      options.offset = offset + data.length;
-      ret = await this._select(where, options);
-      data = data.concat(ret);
-    } while (ret.length === 1000);
-
-    return data;
-  }
-
-  async count(where = {}) {
-    const instance = this.db.table(this.tableName);
-    const query = instance.where(this.where(where));
-
-    return query.count();
-  }
-
-  async add(data) {
-    const instance = this.db.table(this.tableName);
-    const tableData = instance.create(data);
-    await instance.save(tableData);
-
-    tableData.objectId = tableData._id.toString();
-    delete tableData._id;
-    return tableData;
-  }
-
-  async update(data, where) {
-    const instance = this.db.table(this.tableName);
-    const query = instance.where(this.where(where));
-    const items = await query.find();
-
-    return Promise.all(
-      items.map(async (item) => {
-        const updateData = typeof data === 'function' ? data(item) : data;
-        for (const k in updateData) {
-          item[k] = updateData[k];
-        }
-        await instance.save(item);
-        return item;
-      })
-    );
-  }
-
-  async delete(where) {
-    const instance = this.db.table(this.tableName);
-    const query = instance.where(this.where(where));
-    return query.delete();
-  }
-};