npm - twikoo-func - Versions diffs - 1.7.0 → 1.7.2 - Mend

twikoo-func 1.7.0 → 1.7.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/index.js CHANGED Viewed

@@ -26,6 +26,7 @@ const {
   isQQ,
   addQQMailSuffix,
   getQQAvatar,
+  getQQNick,
   getPasswordStatus,
   preCheckSpam,
   checkTurnstileCaptcha,
@@ -138,6 +139,9 @@ exports.main = async (event, context) => {
       case 'UPLOAD_IMAGE': // >= 1.5.0
         res = await uploadImage(event, config)
         break
+      case 'GET_QQ_NICK': // >= 1.7.0
+        res = await qqNickGet(event)
+        break
       case 'COMMENT_EXPORT_FOR_ADMIN': // >= 1.6.13
         res = await commentExportForAdmin(event)
         break
@@ -714,14 +718,14 @@ async function limitFilter () {
 }
 async function checkCaptcha (comment) {
-  if (config.TURNSTILE_SITE_KEY && config.TURNSTILE_SECRET_KEY) {
+  const provider = config.CAPTCHA_PROVIDER
+  if ((!provider || provider === 'Turnstile') && config.TURNSTILE_SITE_KEY && config.TURNSTILE_SECRET_KEY) {
     await checkTurnstileCaptcha({
       ip: auth.getClientIP(),
       turnstileToken: comment.turnstileToken,
       turnstileTokenSecretKey: config.TURNSTILE_SECRET_KEY
     })
-  }
-  if (config.GEETEST_CAPTCHA_ID && config.GEETEST_CAPTCHA_KEY) {
+  } else if ((!provider || provider === 'Geetest') && config.GEETEST_CAPTCHA_ID && config.GEETEST_CAPTCHA_KEY) {
     await checkGeeTestCaptcha({
       geeTestCaptchaId: config.GEETEST_CAPTCHA_ID,
       geeTestCaptchaKey: config.GEETEST_CAPTCHA_KEY,
@@ -879,6 +883,21 @@ async function getRecentComments (event) {
   return res
 }
+// 获取 QQ 昵称
+async function qqNickGet (event) {
+  const res = {}
+  try {
+    validate(event, ['qq'])
+    const nick = await getQQNick(event.qq, config.QQ_API_KEY)
+    res.code = RES_CODE.SUCCESS
+    res.nick = nick
+  } catch (e) {
+    res.code = RES_CODE.FAIL
+    res.message = e.message
+  }
+  return res
+}
 // 修改配置
 async function setConfig (event) {
   const isAdminUser = await isAdmin()

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "twikoo-func",
-  "version": "1.7.0",
+  "version": "1.7.2",
   "description": "A simple comment system.",
   "author": "imaegoo <hello@imaegoo.com> (https://github.com/imaegoo)",
   "license": "MIT",

package/utils/image.js CHANGED Viewed

@@ -12,8 +12,14 @@ const fn = {
   async uploadImage (event, config) {
     const { photo, fileName } = event
     const res = {}
+    const imageService = config.IMAGE_SERVICE || config.IMAGE_CDN
     try {
-      if (!config.IMAGE_CDN || !config.IMAGE_CDN_TOKEN) {
+      if (imageService === 's3') {
+        // S3 图床只需要配置相关 S3 参数，不需要 IMAGE_CDN_TOKEN
+        if (!config.S3_BUCKET || !config.S3_ACCESS_KEY_ID || !config.S3_SECRET_ACCESS_KEY) {
+          throw new Error('未配置 S3 图床参数（S3_BUCKET、S3_ACCESS_KEY_ID、S3_SECRET_ACCESS_KEY）')
+        }
+      } else if (!imageService || !config.IMAGE_CDN_TOKEN) {
         throw new Error('未配置图片上传服务')
       }
       if (config.NSFW_API_URL) {
@@ -25,20 +31,22 @@ const fn = {
         }
       }
       // tip: qcloud 图床走前端上传，其他图床走后端上传
-      if (config.IMAGE_CDN === '7bu') {
+      if (imageService === '7bu') {
         await fn.uploadImageToLskyPro({ photo, fileName, config, res, imageCdn: 'https://7bu.top' })
-      } else if (config.IMAGE_CDN === 'see') {
+      } else if (imageService === 'see') {
         await fn.uploadImageToSee({ photo, fileName, config, res, imageCdn: 'https://s.ee/api/v1/file/upload' })
-      } else if (isUrl(config.IMAGE_CDN)) {
-        await fn.uploadImageToLskyPro({ photo, fileName, config, res, imageCdn: config.IMAGE_CDN })
-      } else if (config.IMAGE_CDN === 'lskypro') {
+      } else if (isUrl(imageService)) {
+        await fn.uploadImageToLskyPro({ photo, fileName, config, res, imageCdn: imageService })
+      } else if (imageService === 'lskypro') {
         await fn.uploadImageToLskyPro({ photo, fileName, config, res, imageCdn: config.IMAGE_CDN_URL })
-      } else if (config.IMAGE_CDN === 'piclist') {
+      } else if (imageService === 'piclist') {
         await fn.uploadImageToPicList({ photo, fileName, config, res, imageCdn: config.IMAGE_CDN_URL })
-      } else if (config.IMAGE_CDN === 'easyimage') {
+      } else if (imageService === 'easyimage') {
         await fn.uploadImageToEasyImage({ photo, fileName, config, res })
-      } else if (config.IMAGE_CDN === 'chevereto') {
+      } else if (imageService === 'chevereto') {
         await fn.uploadImageToChevereto({ photo, fileName, config, res })
+      } else if (imageService === 's3') {
+        await fn.uploadImageToS3({ photo, fileName, config, res })
       } else {
         throw new Error('不支持的图片上传服务')
       }
@@ -214,6 +222,96 @@ const fn = {
       throw new Error(`Chevereto 上传失败: ${errMsg}`)
     }
   },
+  async uploadImageToS3 ({ photo, fileName, config, res }) {
+    // 使用原生 crypto + axios 实现 AWS Signature V4，无需引入 SDK
+    if (!config.S3_BUCKET) {
+      throw new Error('未配置 S3 存储桶名称 (S3_BUCKET)')
+    }
+    if (!config.S3_ACCESS_KEY_ID) {
+      throw new Error('未配置 S3 Access Key ID (S3_ACCESS_KEY_ID)')
+    }
+    if (!config.S3_SECRET_ACCESS_KEY) {
+      throw new Error('未配置 S3 Secret Access Key (S3_SECRET_ACCESS_KEY)')
+    }
+    const crypto = require('crypto')
+    const region = config.S3_REGION || 'us-east-1'
+    // 解析 base64 图片数据
+    const base64 = photo.split(';base64,').pop()
+    const mimeType = photo.split(';base64,')[0].replace('data:', '') || 'image/webp'
+    const body = Buffer.from(base64, 'base64')
+    // 构建对象 key
+    const prefix = config.S3_PATH_PREFIX ? config.S3_PATH_PREFIX.replace(/\/$/, '') + '/' : ''
+    const key = `${prefix}${Date.now()}-${fileName}`
+    let endpoint
+    if (config.S3_ENDPOINT) {
+      // 兼容 R2
+      endpoint = `${config.S3_ENDPOINT.replace(/\/$/, '')}/${config.S3_BUCKET}/${key}`
+    } else {
+      // 标准 AWS S3：virtual-hosted-style URL
+      endpoint = `https://${config.S3_BUCKET}.s3.${region}.amazonaws.com/${key}`
+    }
+    const endpointUrl = new URL(endpoint)
+    const host = endpointUrl.host
+    const pathname = endpointUrl.pathname
+    const now = new Date()
+    const dateStamp = now.toISOString().slice(0, 10).replace(/-/g, '')
+    const amzDate = now.toISOString().replace(/[:-]/g, '').slice(0, 15) + 'Z'
+    const payloadHash = crypto.createHash('sha256').update(body).digest('hex')
+    const signedHeaders = 'content-type;host;x-amz-content-sha256;x-amz-date'
+    const canonicalHeaders = [
+      `content-type:${mimeType}`,
+      `host:${host}`,
+      `x-amz-content-sha256:${payloadHash}`,
+      `x-amz-date:${amzDate}`
+    ].join('\n') + '\n'
+    const canonicalRequest = [
+      'PUT',
+      pathname,
+      '', // query string
+      canonicalHeaders,
+      signedHeaders,
+      payloadHash
+    ].join('\n')
+    const credentialScope = `${dateStamp}/${region}/s3/aws4_request`
+    const stringToSign = [
+      'AWS4-HMAC-SHA256',
+      amzDate,
+      credentialScope,
+      crypto.createHash('sha256').update(canonicalRequest).digest('hex')
+    ].join('\n')
+    const hmac = (key, data) => crypto.createHmac('sha256', key).update(data).digest()
+    const signingKey = hmac(
+      hmac(
+        hmac(
+          hmac(Buffer.from('AWS4' + config.S3_SECRET_ACCESS_KEY), dateStamp),
+          region
+        ),
+        's3'
+      ),
+      'aws4_request'
+    )
+    const signature = crypto.createHmac('sha256', signingKey).update(stringToSign).digest('hex')
+    const authorization = `AWS4-HMAC-SHA256 Credential=${config.S3_ACCESS_KEY_ID}/${credentialScope}, SignedHeaders=${signedHeaders}, Signature=${signature}`
+    await axios.put(endpoint, body, {
+      headers: {
+        'Content-Type': mimeType,
+        'x-amz-content-sha256': payloadHash,
+        'x-amz-date': amzDate,
+        Authorization: authorization
+      },
+      maxBodyLength: Infinity
+    })
+    // 构建访问 URL
+    let fileUrl
+    if (config.S3_CDN_URL) {
+      fileUrl = `${config.S3_CDN_URL.replace(/\/$/, '')}/${key}`
+    } else if (config.S3_ENDPOINT) {
+      fileUrl = `${config.S3_ENDPOINT.replace(/\/$/, '')}/${config.S3_BUCKET}/${key}`
+    } else {
+      fileUrl = `https://${config.S3_BUCKET}.s3.${region}.amazonaws.com/${key}`
+    }
+    res.data = { url: fileUrl }
+  },
   base64UrlToReadStream (base64Url, fileName) {
     const base64 = base64Url.split(';base64,').pop()
     const writePath = path.resolve(os.tmpdir(), fileName)

package/utils/index.js CHANGED Viewed

@@ -249,6 +249,23 @@ const fn = {
       logger.warn('获取 QQ 头像失败：', e)
     }
   },
+  async getQQNick (qq, qqApiKey) {
+    try {
+      const qqNum = qq.replace(/@qq.com/ig, '')
+      const headers = {}
+      if (qqApiKey) {
+        headers.Authorization = `Bearer ${qqApiKey}`
+      }
+      const result = await axios.get(`https://v1.nsuuu.com/api/qqname?qq=${qqNum}`, { headers })
+      if (result.data?.code === 200 && result.data?.data?.nick) {
+        return result.data.data.nick
+      }
+      return null
+    } catch (e) {
+      logger.warn('获取 QQ 昵称失败：', e)
+      return null
+    }
+  },
   // 判断是否存在管理员密码
   async getPasswordStatus (config, version) {
     return {
@@ -338,34 +355,49 @@ const fn = {
     }
   },
   async getConfig ({ config, VERSION, isAdmin }) {
+    // 构建对外配置，避免在启用某一验证码供应商时泄露另一个供应商的 key
+    const baseConfig = {
+      VERSION,
+      IS_ADMIN: isAdmin,
+      SITE_NAME: config.SITE_NAME,
+      SITE_URL: config.SITE_URL,
+      MASTER_TAG: config.MASTER_TAG,
+      COMMENT_BG_IMG: config.COMMENT_BG_IMG,
+      GRAVATAR_CDN: config.GRAVATAR_CDN,
+      DEFAULT_GRAVATAR: config.DEFAULT_GRAVATAR,
+      SHOW_IMAGE: config.SHOW_IMAGE || 'true',
+      IMAGE_CDN: config.IMAGE_CDN,
+      IMAGE_SERVICE: config.IMAGE_SERVICE,
+      LIGHTBOX: config.LIGHTBOX || 'false',
+      SHOW_EMOTION: config.SHOW_EMOTION || 'true',
+      EMOTION_CDN: config.EMOTION_CDN,
+      COMMENT_PLACEHOLDER: config.COMMENT_PLACEHOLDER,
+      SHOW_ORDER: config.SHOW_ORDER || 'true',
+      SHOW_DISLIKE: config.SHOW_DISLIKE || 'true',
+      DISPLAYED_FIELDS: config.DISPLAYED_FIELDS,
+      REQUIRED_FIELDS: config.REQUIRED_FIELDS,
+      HIDE_ADMIN_CRYPT: config.HIDE_ADMIN_CRYPT,
+      HIGHLIGHT: config.HIGHLIGHT || 'true',
+      HIGHLIGHT_THEME: config.HIGHLIGHT_THEME,
+      HIGHLIGHT_PLUGIN: config.HIGHLIGHT_PLUGIN,
+      LIMIT_LENGTH: config.LIMIT_LENGTH,
+      CAPTCHA_PROVIDER: config.CAPTCHA_PROVIDER,
+      QQ_API_KEY: config.QQ_API_KEY
+    }
+    // 仅在明确指定使用 Turnstile 时下发 Turnstile 的 site key
+    if (config.CAPTCHA_PROVIDER === 'Turnstile') {
+      baseConfig.TURNSTILE_SITE_KEY = config.TURNSTILE_SITE_KEY
+    }
+    // 仅在明确指定使用 Geetest 时下发 Geetest 的 id
+    if (config.CAPTCHA_PROVIDER === 'Geetest') {
+      baseConfig.GEETEST_CAPTCHA_ID = config.GEETEST_CAPTCHA_ID
+    }
     return {
       code: RES_CODE.SUCCESS,
-      config: {
-        VERSION,
-        IS_ADMIN: isAdmin,
-        SITE_NAME: config.SITE_NAME,
-        SITE_URL: config.SITE_URL,
-        MASTER_TAG: config.MASTER_TAG,
-        COMMENT_BG_IMG: config.COMMENT_BG_IMG,
-        GRAVATAR_CDN: config.GRAVATAR_CDN,
-        DEFAULT_GRAVATAR: config.DEFAULT_GRAVATAR,
-        SHOW_IMAGE: config.SHOW_IMAGE || 'true',
-        IMAGE_CDN: config.IMAGE_CDN,
-        LIGHTBOX: config.LIGHTBOX || 'false',
-        SHOW_EMOTION: config.SHOW_EMOTION || 'true',
-        EMOTION_CDN: config.EMOTION_CDN,
-        COMMENT_PLACEHOLDER: config.COMMENT_PLACEHOLDER,
-        DISPLAYED_FIELDS: config.DISPLAYED_FIELDS,
-        REQUIRED_FIELDS: config.REQUIRED_FIELDS,
-        HIDE_ADMIN_CRYPT: config.HIDE_ADMIN_CRYPT,
-        HIGHLIGHT: config.HIGHLIGHT || 'true',
-        HIGHLIGHT_THEME: config.HIGHLIGHT_THEME,
-        HIGHLIGHT_PLUGIN: config.HIGHLIGHT_PLUGIN,
-        LIMIT_LENGTH: config.LIMIT_LENGTH,
-        TURNSTILE_SITE_KEY: config.TURNSTILE_SITE_KEY,
-        GEETEST_CAPTCHA_ID: config.GEETEST_CAPTCHA_ID,
-        QQ_API_KEY: config.QQ_API_KEY
-      }
+      config: baseConfig
     }
   },
   async getConfigForAdmin ({ config, isAdmin }) {