twikoo-func 1.6.44 → 1.7.0

package/index.js

@@ -29,6 +29,7 @@ const {
   getPasswordStatus,
   preCheckSpam,
   checkTurnstileCaptcha,
+  checkGeeTestCaptcha,
   getConfig,
   getConfigForAdmin,
   validate
@@ -233,6 +234,7 @@ async function commentGet (event) {
     const uid = await auth.getEndUserInfo().userInfo.uid
     const isAdminUser = await isAdmin()
     const limit = parseInt(config.COMMENT_PAGE_SIZE) || 8
+    const sort = event.sort || 'newest'
     let more = false
     let condition
     let query
@@ -254,10 +256,21 @@ async function commentGet (event) {
     // 不包含置顶
     condition.top = _.neq(true)
     query = getCommentQuery({ condition, uid, isAdminUser })
+
+    let orderField = 'created'
+    let orderDirection = 'desc'
+    if (sort === 'oldest') {
+      orderField = 'created'
+      orderDirection = 'asc'
+    } else if (sort === 'popular') {
+      orderField = 'ups'
+      orderDirection = 'desc'
+    }
+
     const main = await db
       .collection('comment')
       .where(query)
-      .orderBy('created', 'desc')
+      .orderBy(orderField, orderDirection)
       // 流式分页，通过多读 1 条的方式，确认是否还有更多评论
       .limit(limit + 1)
       .get()
@@ -514,7 +527,7 @@ async function bulkSaveComments (comments) {
   return batchRes.ids
 }
 
-// 点赞 / 取消点赞
+// 点赞 / 反对 / 取消点赞
 async function commentLike (event) {
   const res = {}
   let uid
@@ -525,25 +538,41 @@ async function commentLike (event) {
     res.message = e.message
     return res
   }
-  res.updated = await like(event.id, uid)
+  const type = event.type || 'up'
+  res.updated = await like(event.id, uid, type)
   return res
 }
 
-// 点赞 / 取消点赞
-async function like (id, uid) {
+// 点赞 / 反对 / 取消
+async function like (id, uid, type) {
   const record = db
     .collection('comment')
     .where({ _id: id })
   const comment = await record.get()
-  let likes = comment.data[0] && comment.data[0].like ? comment.data[0].like : []
-  if (likes.findIndex((item) => item === uid) === -1) {
-    // 赞
-    likes.push(uid)
-  } else {
-    // 取消赞
-    likes = likes.filter((item) => item !== uid)
+  const commentData = comment.data[0] || {}
+  const ups = commentData.ups || []
+  const downs = commentData.downs || []
+
+  let newUps = [...ups]
+  let newDowns = [...downs]
+
+  if (type === 'up') {
+    if (ups.includes(uid)) {
+      newUps = ups.filter((item) => item !== uid)
+    } else {
+      newUps.push(uid)
+      newDowns = downs.filter((item) => item !== uid)
+    }
+  } else if (type === 'down') {
+    if (downs.includes(uid)) {
+      newDowns = downs.filter((item) => item !== uid)
+    } else {
+      newDowns.push(uid)
+      newUps = ups.filter((item) => item !== uid)
+    }
   }
-  const result = await record.update({ like: likes })
+
+  const result = await record.update({ ups: newUps, downs: newDowns })
   return result.updated
 }
 
@@ -692,6 +721,16 @@ async function checkCaptcha (comment) {
       turnstileTokenSecretKey: config.TURNSTILE_SECRET_KEY
     })
   }
+  if (config.GEETEST_CAPTCHA_ID && config.GEETEST_CAPTCHA_KEY) {
+    await checkGeeTestCaptcha({
+      geeTestCaptchaId: config.GEETEST_CAPTCHA_ID,
+      geeTestCaptchaKey: config.GEETEST_CAPTCHA_KEY,
+      geeTestLotNumber: comment.geeTestLotNumber,
+      geeTestCaptchaOutput: comment.geeTestCaptchaOutput,
+      geeTestPassToken: comment.geeTestPassToken,
+      geeTestGenTime: comment.geeTestGenTime
+    })
+  }
 }
 
 async function saveSpamCheckResult (comment, isSpam) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "twikoo-func",
-  "version": "1.6.44",
+  "version": "1.7.0",
   "description": "A simple comment system.",
   "author": "imaegoo <hello@imaegoo.com> (https://github.com/imaegoo)",
   "license": "MIT",

package/utils/constants.js

@@ -13,7 +13,8 @@ module.exports = {
     NEED_LOGIN: 1024,
     FORBIDDEN: 1403,
     AKISMET_ERROR: 1030,
-    UPLOAD_FAILED: 1040
+    UPLOAD_FAILED: 1040,
+    NSFW_REJECTED: 1041
   },
   MAX_REQUEST_TIMES: parseInt(process.env.TWIKOO_THROTTLE) || 250
 }

package/utils/image.js

@@ -16,11 +16,19 @@ const fn = {
       if (!config.IMAGE_CDN || !config.IMAGE_CDN_TOKEN) {
         throw new Error('未配置图片上传服务')
       }
+      if (config.NSFW_API_URL) {
+        const nsfwResult = await fn.checkNsfw({ photo, config })
+        if (nsfwResult.rejected) {
+          res.code = RES_CODE.NSFW_REJECTED
+          res.err = nsfwResult.message
+          return res
+        }
+      }
       // tip: qcloud 图床走前端上传，其他图床走后端上传
       if (config.IMAGE_CDN === '7bu') {
         await fn.uploadImageToLskyPro({ photo, fileName, config, res, imageCdn: 'https://7bu.top' })
-      } else if (config.IMAGE_CDN === 'smms') {
-        await fn.uploadImageToSmms({ photo, fileName, config, res, imageCdn: 'https://smms.app/api/v2/upload' })
+      } else if (config.IMAGE_CDN === 'see') {
+        await fn.uploadImageToSee({ photo, fileName, config, res, imageCdn: 'https://s.ee/api/v1/file/upload' })
       } else if (isUrl(config.IMAGE_CDN)) {
         await fn.uploadImageToLskyPro({ photo, fileName, config, res, imageCdn: config.IMAGE_CDN })
       } else if (config.IMAGE_CDN === 'lskypro') {
@@ -29,6 +37,8 @@ const fn = {
         await fn.uploadImageToPicList({ photo, fileName, config, res, imageCdn: config.IMAGE_CDN_URL })
       } else if (config.IMAGE_CDN === 'easyimage') {
         await fn.uploadImageToEasyImage({ photo, fileName, config, res })
+      } else if (config.IMAGE_CDN === 'chevereto') {
+        await fn.uploadImageToChevereto({ photo, fileName, config, res })
       } else {
         throw new Error('不支持的图片上传服务')
       }
@@ -39,8 +49,35 @@ const fn = {
     }
     return res
   },
-  async uploadImageToSmms ({ photo, fileName, config, res, imageCdn }) {
-    // SM.MS 图床 https://sm.ms
+  async checkNsfw ({ photo, config }) {
+    const result = { rejected: false, message: '' }
+    try {
+      const threshold = parseFloat(config.NSFW_THRESHOLD) || 0.5
+      const apiUrl = config.NSFW_API_URL.replace(/\/$/, '')
+      const formData = new FormData()
+      formData.append('image', fn.base64UrlToReadStream(photo, 'nsfw_check.jpg'))
+      const response = await axios.post(`${apiUrl}/classify`, formData, {
+        headers: {
+          ...formData.getHeaders()
+        },
+        timeout: 30000
+      })
+      const scores = response.data
+      if (scores && typeof scores === 'object') {
+        const nsfwScore = (scores.porn || 0) + (scores.hentai || 0) + (scores.sexy || 0)
+        logger.info('NSFW检测分数:', nsfwScore, '阈值:', threshold)
+        if (nsfwScore > threshold) {
+          result.rejected = true
+          result.message = `图片包含不当内容，检测分数 ${nsfwScore.toFixed(3)} 超过阈值 ${threshold}`
+        }
+      }
+    } catch (e) {
+      logger.error('NSFW检测失败:', e.message)
+    }
+    return result
+  },
+  async uploadImageToSee ({ photo, fileName, config, res, imageCdn }) {
+    // S.EE 图床 https://s.ee (原 SM.MS)
     const formData = new FormData()
     formData.append('smfile', fn.base64UrlToReadStream(photo, fileName))
     const uploadResult = await axios.post(imageCdn, formData, {
@@ -148,6 +185,35 @@ const fn = {
       throw new Error(errorMsg)
     }
   },
+  async uploadImageToChevereto ({ photo, fileName, config, res }) {
+    if (!config.IMAGE_CDN_URL) {
+      throw new Error('未配置 Chevereto 站点地址 (IMAGE_CDN_URL)')
+    }
+    if (!config.IMAGE_CDN_TOKEN) {
+      throw new Error('未配置 Chevereto API Key (IMAGE_CDN_TOKEN)')
+    }
+    const formData = new FormData()
+    formData.append('key', config.IMAGE_CDN_TOKEN)
+    formData.append('source', fn.base64UrlToReadStream(photo, fileName))
+    formData.append('format', 'json')
+    const apiUrl = config.IMAGE_CDN_URL.replace(/\/$/, '') + '/api/1/upload'
+    const uploadResult = await axios.post(apiUrl, formData, {
+      headers: {
+        ...formData.getHeaders()
+      }
+    })
+    const data = uploadResult.data
+    if (data.status_code === 200 && data.image && data.image.url) {
+      res.data = {
+        url: data.image.url,
+        thumb: data.image.thumb ? data.image.thumb.url : data.image.url,
+        del: data.image.delete_url
+      }
+    } else {
+      const errMsg = (data.error && data.error.message) || JSON.stringify(data)
+      throw new Error(`Chevereto 上传失败: ${errMsg}`)
+    }
+  },
   base64UrlToReadStream (base64Url, fileName) {
     const base64 = base64Url.split(';base64,').pop()
     const writePath = path.resolve(os.tmpdir(), fileName)

package/utils/index.js

@@ -75,6 +75,8 @@ const fn = {
       }
     }
     const showRegion = !!config.SHOW_REGION && config.SHOW_REGION !== 'false'
+    const ups = comment.ups || []
+    const downs = comment.downs || []
     return {
       id: comment._id.toString(),
       nick: comment.nick,
@@ -87,7 +89,10 @@ const fn = {
       ipRegion: showRegion ? fn.getIpRegion({ ip: comment.ip }) : '',
       master: comment.master,
       like: comment.like ? comment.like.length : 0,
-      liked: comment.like ? comment.like.findIndex((item) => item === uid) > -1 : false,
+      ups: ups.length,
+      downs: downs.length,
+      liked: ups.includes(uid),
+      disliked: downs.includes(uid),
       replies: replies,
       rid: comment.rid,
       pid: comment.pid,
@@ -111,7 +116,8 @@ const fn = {
           12: 'Monterey',
           13: 'Ventura',
           14: 'Sonoma',
-          15: 'Sequoia'
+          15: 'Sequoia',
+          16: 'Tahoe'
         }[majorPlatformVersion]
       } else if (os.name === 'Android') {
         const majorPlatformVersion = os.version.split('.')[0]
@@ -303,6 +309,34 @@ const fn = {
       throw new Error('验证码检测失败: ' + e.message)
     }
   },
+  async checkGeeTestCaptcha ({ geeTestCaptchaId, geeTestCaptchaKey, geeTestLotNumber, geeTestCaptchaOutput, geeTestPassToken, geeTestGenTime }) {
+    try {
+      logger.log('极验验证参数:', { geeTestCaptchaId, geeTestCaptchaKey: geeTestCaptchaKey ? '***' : undefined, geeTestLotNumber })
+      const crypto = require('crypto')
+      const signToken = crypto
+        .createHmac('sha256', geeTestCaptchaKey)
+        .update(geeTestLotNumber)
+        .digest('hex')
+      const params = new URLSearchParams()
+      params.append('lot_number', geeTestLotNumber)
+      params.append('captcha_output', geeTestCaptchaOutput)
+      params.append('pass_token', geeTestPassToken)
+      params.append('gen_time', geeTestGenTime)
+      params.append('sign_token', signToken)
+      logger.log('极验请求参数:', params.toString())
+      const url = `https://gcaptcha4.geetest.com/validate?captcha_id=${geeTestCaptchaId}`
+      const { data } = await axios.post(url, params.toString(), {
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' }
+      })
+      logger.log('极验验证码检测结果', JSON.stringify(data))
+      if (data.result !== 'success') {
+        logger.error('极验验证失败详情:', data)
+        throw new Error(data.reason || data.msg || '验证码错误')
+      }
+    } catch (e) {
+      throw new Error('极验验证码检测失败: ' + e.message)
+    }
+  },
   async getConfig ({ config, VERSION, isAdmin }) {
     return {
       code: RES_CODE.SUCCESS,
@@ -328,7 +362,9 @@ const fn = {
         HIGHLIGHT_THEME: config.HIGHLIGHT_THEME,
         HIGHLIGHT_PLUGIN: config.HIGHLIGHT_PLUGIN,
         LIMIT_LENGTH: config.LIMIT_LENGTH,
-        TURNSTILE_SITE_KEY: config.TURNSTILE_SITE_KEY
+        TURNSTILE_SITE_KEY: config.TURNSTILE_SITE_KEY,
+        GEETEST_CAPTCHA_ID: config.GEETEST_CAPTCHA_ID,
+        QQ_API_KEY: config.QQ_API_KEY
       }
     }
   },