npm - twikoo-func - Versions diffs - 1.6.45 → 1.7.1 - Mend

twikoo-func 1.6.45 → 1.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/index.js CHANGED Viewed

@@ -26,9 +26,11 @@ const {
   isQQ,
   addQQMailSuffix,
   getQQAvatar,
+  getQQNick,
   getPasswordStatus,
   preCheckSpam,
   checkTurnstileCaptcha,
+  checkGeeTestCaptcha,
   getConfig,
   getConfigForAdmin,
   validate
@@ -137,6 +139,9 @@ exports.main = async (event, context) => {
       case 'UPLOAD_IMAGE': // >= 1.5.0
         res = await uploadImage(event, config)
         break
+      case 'GET_QQ_NICK': // >= 1.7.0
+        res = await qqNickGet(event)
+        break
       case 'COMMENT_EXPORT_FOR_ADMIN': // >= 1.6.13
         res = await commentExportForAdmin(event)
         break
@@ -233,6 +238,7 @@ async function commentGet (event) {
     const uid = await auth.getEndUserInfo().userInfo.uid
     const isAdminUser = await isAdmin()
     const limit = parseInt(config.COMMENT_PAGE_SIZE) || 8
+    const sort = event.sort || 'newest'
     let more = false
     let condition
     let query
@@ -254,10 +260,21 @@ async function commentGet (event) {
     // 不包含置顶
     condition.top = _.neq(true)
     query = getCommentQuery({ condition, uid, isAdminUser })
+    let orderField = 'created'
+    let orderDirection = 'desc'
+    if (sort === 'oldest') {
+      orderField = 'created'
+      orderDirection = 'asc'
+    } else if (sort === 'popular') {
+      orderField = 'ups'
+      orderDirection = 'desc'
+    }
     const main = await db
       .collection('comment')
       .where(query)
-      .orderBy('created', 'desc')
+      .orderBy(orderField, orderDirection)
       // 流式分页，通过多读 1 条的方式，确认是否还有更多评论
       .limit(limit + 1)
       .get()
@@ -514,7 +531,7 @@ async function bulkSaveComments (comments) {
   return batchRes.ids
 }
-// 点赞 / 取消点赞
+// 点赞 / 反对 / 取消点赞
 async function commentLike (event) {
   const res = {}
   let uid
@@ -525,25 +542,41 @@ async function commentLike (event) {
     res.message = e.message
     return res
   }
-  res.updated = await like(event.id, uid)
+  const type = event.type || 'up'
+  res.updated = await like(event.id, uid, type)
   return res
 }
-// 点赞 / 取消点赞
-async function like (id, uid) {
+// 点赞 / 反对 / 取消
+async function like (id, uid, type) {
   const record = db
     .collection('comment')
     .where({ _id: id })
   const comment = await record.get()
-  let likes = comment.data[0] && comment.data[0].like ? comment.data[0].like : []
-  if (likes.findIndex((item) => item === uid) === -1) {
-    // 赞
-    likes.push(uid)
-  } else {
-    // 取消赞
-    likes = likes.filter((item) => item !== uid)
+  const commentData = comment.data[0] || {}
+  const ups = commentData.ups || []
+  const downs = commentData.downs || []
+  let newUps = [...ups]
+  let newDowns = [...downs]
+  if (type === 'up') {
+    if (ups.includes(uid)) {
+      newUps = ups.filter((item) => item !== uid)
+    } else {
+      newUps.push(uid)
+      newDowns = downs.filter((item) => item !== uid)
+    }
+  } else if (type === 'down') {
+    if (downs.includes(uid)) {
+      newDowns = downs.filter((item) => item !== uid)
+    } else {
+      newDowns.push(uid)
+      newUps = ups.filter((item) => item !== uid)
+    }
   }
-  const result = await record.update({ like: likes })
+  const result = await record.update({ ups: newUps, downs: newDowns })
   return result.updated
 }
@@ -685,7 +718,27 @@ async function limitFilter () {
 }
 async function checkCaptcha (comment) {
-  if (config.TURNSTILE_SITE_KEY && config.TURNSTILE_SECRET_KEY) {
+  const provider = config.CAPTCHA_PROVIDER
+  if ((!provider || provider === 'Turnstile') && config.TURNSTILE_SITE_KEY && config.TURNSTILE_SECRET_KEY) {
+    await checkTurnstileCaptcha({
+      ip: auth.getClientIP(),
+      turnstileToken: comment.turnstileToken,
+      turnstileTokenSecretKey: config.TURNSTILE_SECRET_KEY
+    })
+  }
+  if ((!provider || provider === 'Geetest') && config.GEETEST_CAPTCHA_ID && config.GEETEST_CAPTCHA_KEY) {
+    await checkGeeTestCaptcha({
+      geeTestCaptchaId: config.GEETEST_CAPTCHA_ID,
+      geeTestCaptchaKey: config.GEETEST_CAPTCHA_KEY,
+      geeTestLotNumber: comment.geeTestLotNumber,
+      geeTestCaptchaOutput: comment.geeTestCaptchaOutput,
+      geeTestPassToken: comment.geeTestPassToken,
+      geeTestGenTime: comment.geeTestGenTime
+    })
+  } else if (config.TURNSTILE_SITE_KEY) {
+    if (!config.TURNSTILE_SECRET_KEY) {
+      throw new Error('Turnstile 验证码配置不完整，缺少 TURNSTILE_SECRET_KEY')
+    }
     await checkTurnstileCaptcha({
       ip: auth.getClientIP(),
       turnstileToken: comment.turnstileToken,
@@ -840,6 +893,21 @@ async function getRecentComments (event) {
   return res
 }
+// 获取 QQ 昵称
+async function qqNickGet (event) {
+  const res = {}
+  try {
+    validate(event, ['qq'])
+    const nick = await getQQNick(event.qq, config.QQ_API_KEY)
+    res.code = RES_CODE.SUCCESS
+    res.nick = nick
+  } catch (e) {
+    res.code = RES_CODE.FAIL
+    res.message = e.message
+  }
+  return res
+}
 // 修改配置
 async function setConfig (event) {
   const isAdminUser = await isAdmin()

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "twikoo-func",
-  "version": "1.6.45",
+  "version": "1.7.1",
   "description": "A simple comment system.",
   "author": "imaegoo <hello@imaegoo.com> (https://github.com/imaegoo)",
   "license": "MIT",

package/utils/constants.js CHANGED Viewed

@@ -13,7 +13,8 @@ module.exports = {
     NEED_LOGIN: 1024,
     FORBIDDEN: 1403,
     AKISMET_ERROR: 1030,
-    UPLOAD_FAILED: 1040
+    UPLOAD_FAILED: 1040,
+    NSFW_REJECTED: 1041
   },
   MAX_REQUEST_TIMES: parseInt(process.env.TWIKOO_THROTTLE) || 250
 }

package/utils/image.js CHANGED Viewed

@@ -16,6 +16,14 @@ const fn = {
       if (!config.IMAGE_CDN || !config.IMAGE_CDN_TOKEN) {
         throw new Error('未配置图片上传服务')
       }
+      if (config.NSFW_API_URL) {
+        const nsfwResult = await fn.checkNsfw({ photo, config })
+        if (nsfwResult.rejected) {
+          res.code = RES_CODE.NSFW_REJECTED
+          res.err = nsfwResult.message
+          return res
+        }
+      }
       // tip: qcloud 图床走前端上传，其他图床走后端上传
       if (config.IMAGE_CDN === '7bu') {
         await fn.uploadImageToLskyPro({ photo, fileName, config, res, imageCdn: 'https://7bu.top' })
@@ -41,6 +49,33 @@ const fn = {
     }
     return res
   },
+  async checkNsfw ({ photo, config }) {
+    const result = { rejected: false, message: '' }
+    try {
+      const threshold = parseFloat(config.NSFW_THRESHOLD) || 0.5
+      const apiUrl = config.NSFW_API_URL.replace(/\/$/, '')
+      const formData = new FormData()
+      formData.append('image', fn.base64UrlToReadStream(photo, 'nsfw_check.jpg'))
+      const response = await axios.post(`${apiUrl}/classify`, formData, {
+        headers: {
+          ...formData.getHeaders()
+        },
+        timeout: 30000
+      })
+      const scores = response.data
+      if (scores && typeof scores === 'object') {
+        const nsfwScore = (scores.porn || 0) + (scores.hentai || 0) + (scores.sexy || 0)
+        logger.info('NSFW检测分数:', nsfwScore, '阈值:', threshold)
+        if (nsfwScore > threshold) {
+          result.rejected = true
+          result.message = `图片包含不当内容，检测分数 ${nsfwScore.toFixed(3)} 超过阈值 ${threshold}`
+        }
+      }
+    } catch (e) {
+      logger.error('NSFW检测失败:', e.message)
+    }
+    return result
+  },
   async uploadImageToSee ({ photo, fileName, config, res, imageCdn }) {
     // S.EE 图床 https://s.ee (原 SM.MS)
     const formData = new FormData()

package/utils/index.js CHANGED Viewed

@@ -75,6 +75,8 @@ const fn = {
       }
     }
     const showRegion = !!config.SHOW_REGION && config.SHOW_REGION !== 'false'
+    const ups = comment.ups || []
+    const downs = comment.downs || []
     return {
       id: comment._id.toString(),
       nick: comment.nick,
@@ -87,7 +89,10 @@ const fn = {
       ipRegion: showRegion ? fn.getIpRegion({ ip: comment.ip }) : '',
       master: comment.master,
       like: comment.like ? comment.like.length : 0,
-      liked: comment.like ? comment.like.findIndex((item) => item === uid) > -1 : false,
+      ups: ups.length,
+      downs: downs.length,
+      liked: ups.includes(uid),
+      disliked: downs.includes(uid),
       replies: replies,
       rid: comment.rid,
       pid: comment.pid,
@@ -244,6 +249,23 @@ const fn = {
       logger.warn('获取 QQ 头像失败：', e)
     }
   },
+  async getQQNick (qq, qqApiKey) {
+    try {
+      const qqNum = qq.replace(/@qq.com/ig, '')
+      const headers = {}
+      if (qqApiKey) {
+        headers.Authorization = `Bearer ${qqApiKey}`
+      }
+      const result = await axios.get(`https://v1.nsuuu.com/api/qqname?qq=${qqNum}`, { headers })
+      if (result.data?.code === 200 && result.data?.data?.nick) {
+        return result.data.data.nick
+      }
+      return null
+    } catch (e) {
+      logger.warn('获取 QQ 昵称失败：', e)
+      return null
+    }
+  },
   // 判断是否存在管理员密码
   async getPasswordStatus (config, version) {
     return {
@@ -304,33 +326,75 @@ const fn = {
       throw new Error('验证码检测失败: ' + e.message)
     }
   },
+  async checkGeeTestCaptcha ({ geeTestCaptchaId, geeTestCaptchaKey, geeTestLotNumber, geeTestCaptchaOutput, geeTestPassToken, geeTestGenTime }) {
+    try {
+      logger.log('极验验证参数:', { geeTestCaptchaId, geeTestCaptchaKey: geeTestCaptchaKey ? '***' : undefined, geeTestLotNumber })
+      const crypto = require('crypto')
+      const signToken = crypto
+        .createHmac('sha256', geeTestCaptchaKey)
+        .update(geeTestLotNumber)
+        .digest('hex')
+      const params = new URLSearchParams()
+      params.append('lot_number', geeTestLotNumber)
+      params.append('captcha_output', geeTestCaptchaOutput)
+      params.append('pass_token', geeTestPassToken)
+      params.append('gen_time', geeTestGenTime)
+      params.append('sign_token', signToken)
+      logger.log('极验请求参数:', params.toString())
+      const url = `https://gcaptcha4.geetest.com/validate?captcha_id=${geeTestCaptchaId}`
+      const { data } = await axios.post(url, params.toString(), {
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' }
+      })
+      logger.log('极验验证码检测结果', JSON.stringify(data))
+      if (data.result !== 'success') {
+        logger.error('极验验证失败详情:', data)
+        throw new Error(data.reason || data.msg || '验证码错误')
+      }
+    } catch (e) {
+      throw new Error('极验验证码检测失败: ' + e.message)
+    }
+  },
   async getConfig ({ config, VERSION, isAdmin }) {
+    // 构建对外配置，避免在启用某一验证码供应商时泄露另一个供应商的 key
+    const baseConfig = {
+      VERSION,
+      IS_ADMIN: isAdmin,
+      SITE_NAME: config.SITE_NAME,
+      SITE_URL: config.SITE_URL,
+      MASTER_TAG: config.MASTER_TAG,
+      COMMENT_BG_IMG: config.COMMENT_BG_IMG,
+      GRAVATAR_CDN: config.GRAVATAR_CDN,
+      DEFAULT_GRAVATAR: config.DEFAULT_GRAVATAR,
+      SHOW_IMAGE: config.SHOW_IMAGE || 'true',
+      IMAGE_CDN: config.IMAGE_CDN,
+      LIGHTBOX: config.LIGHTBOX || 'false',
+      SHOW_EMOTION: config.SHOW_EMOTION || 'true',
+      EMOTION_CDN: config.EMOTION_CDN,
+      COMMENT_PLACEHOLDER: config.COMMENT_PLACEHOLDER,
+      DISPLAYED_FIELDS: config.DISPLAYED_FIELDS,
+      REQUIRED_FIELDS: config.REQUIRED_FIELDS,
+      HIDE_ADMIN_CRYPT: config.HIDE_ADMIN_CRYPT,
+      HIGHLIGHT: config.HIGHLIGHT || 'true',
+      HIGHLIGHT_THEME: config.HIGHLIGHT_THEME,
+      HIGHLIGHT_PLUGIN: config.HIGHLIGHT_PLUGIN,
+      LIMIT_LENGTH: config.LIMIT_LENGTH,
+      CAPTCHA_PROVIDER: config.CAPTCHA_PROVIDER,
+      QQ_API_KEY: config.QQ_API_KEY
+    }
+    // 仅在明确指定使用 Turnstile 时下发 Turnstile 的 site key
+    if (config.CAPTCHA_PROVIDER === 'Turnstile') {
+      baseConfig.TURNSTILE_SITE_KEY = config.TURNSTILE_SITE_KEY
+    }
+    // 仅在明确指定使用 Geetest 时下发 Geetest 的 id
+    if (config.CAPTCHA_PROVIDER === 'Geetest') {
+      baseConfig.GEETEST_CAPTCHA_ID = config.GEETEST_CAPTCHA_ID
+    }
     return {
       code: RES_CODE.SUCCESS,
-      config: {
-        VERSION,
-        IS_ADMIN: isAdmin,
-        SITE_NAME: config.SITE_NAME,
-        SITE_URL: config.SITE_URL,
-        MASTER_TAG: config.MASTER_TAG,
-        COMMENT_BG_IMG: config.COMMENT_BG_IMG,
-        GRAVATAR_CDN: config.GRAVATAR_CDN,
-        DEFAULT_GRAVATAR: config.DEFAULT_GRAVATAR,
-        SHOW_IMAGE: config.SHOW_IMAGE || 'true',
-        IMAGE_CDN: config.IMAGE_CDN,
-        LIGHTBOX: config.LIGHTBOX || 'false',
-        SHOW_EMOTION: config.SHOW_EMOTION || 'true',
-        EMOTION_CDN: config.EMOTION_CDN,
-        COMMENT_PLACEHOLDER: config.COMMENT_PLACEHOLDER,
-        DISPLAYED_FIELDS: config.DISPLAYED_FIELDS,
-        REQUIRED_FIELDS: config.REQUIRED_FIELDS,
-        HIDE_ADMIN_CRYPT: config.HIDE_ADMIN_CRYPT,
-        HIGHLIGHT: config.HIGHLIGHT || 'true',
-        HIGHLIGHT_THEME: config.HIGHLIGHT_THEME,
-        HIGHLIGHT_PLUGIN: config.HIGHLIGHT_PLUGIN,
-        LIMIT_LENGTH: config.LIMIT_LENGTH,
-        TURNSTILE_SITE_KEY: config.TURNSTILE_SITE_KEY
-      }
+      config: baseConfig
     }
   },
   async getConfigForAdmin ({ config, isAdmin }) {