twikoo-func 1.7.8 → 1.7.10

package/index.js

@@ -34,7 +34,8 @@ const {
   checkCapCaptcha,
   getConfig,
   getConfigForAdmin,
-  validate
+  validate,
+  checkCommentOwnership
 } = require('./utils')
 const {
   jsonParse,
@@ -146,6 +147,9 @@ exports.main = async (event, context) => {
       case 'COMMENT_EXPORT_FOR_ADMIN': // >= 1.6.13
         res = await commentExportForAdmin(event)
         break
+      case 'COMMENT_DELETE_FOR_USER':
+        res = await commentDeleteForUser(event)
+        break
       default:
         if (event.event) {
           res.code = RES_CODE.EVENT_NOT_EXIST
@@ -428,6 +432,25 @@ async function commentDeleteForAdmin (event) {
   return res
 }
 
+// 用户删除自己的评论
+async function commentDeleteForUser (event) {
+  const res = {}
+  try {
+    const uid = await getUid()
+    await checkCommentOwnership(event.id, uid, async (id) => {
+      const doc = await db.collection('comment').doc(id).get()
+      return doc.data && doc.data.length > 0 ? doc.data[0] : null
+    })
+    const data = await db.collection('comment').doc(event.id).delete()
+    res.code = RES_CODE.SUCCESS
+    res.deleted = data.deleted
+  } catch (e) {
+    res.code = RES_CODE.FAIL
+    res.message = e.message
+  }
+  return res
+}
+
 // 管理员导入评论
 async function commentImportForAdmin (event) {
   const res = {}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "twikoo-func",
-  "version": "1.7.8",
+  "version": "1.7.10",
   "description": "A simple comment system.",
   "author": "imaegoo <hello@imaegoo.com> (https://github.com/imaegoo)",
   "license": "MIT",

package/utils/import.js

@@ -3,6 +3,41 @@ const { getMarked, getDomPurify, getMd5 } = require('./lib')
 const marked = getMarked()
 const md5 = getMd5()
 
+const ARRAY_FIELDS = ['like', 'ups', 'downs']
+
+const parseJsonArrayField = (value) => {
+  if (Array.isArray(value)) return value
+  if (typeof value !== 'string') return value
+  const trimmed = value.trim()
+  if (!trimmed.startsWith('[')) return value
+  try {
+    const parsed = JSON.parse(trimmed)
+    return Array.isArray(parsed) ? parsed : value
+  } catch (e) {
+    return value
+  }
+}
+
+const normalizeTwikooComment = (comment) => {
+  const parsed = { ...comment }
+  if (comment._id && comment._id.$oid) {
+    // 解决 id 历史数据问题
+    parsed._id = comment._id.$oid
+  }
+  if (comment.pid === null) {
+    delete parsed.pid
+  }
+  if (comment.rid === null) {
+    delete parsed.rid
+  }
+  for (const field of ARRAY_FIELDS) {
+    if (field in parsed) {
+      parsed[field] = parseJsonArrayField(parsed[field])
+    }
+  }
+  return parsed
+}
+
 const fn = {
   // 兼容 Leancloud 两种 JSON 导出格式
   jsonParse (content) {
@@ -240,17 +275,7 @@ const fn = {
     log(`共 ${arr.length} 条评论`)
     for (const comment of arr) {
       try {
-        const parsed = comment
-        if (comment._id.$oid) {
-          // 解决 id 历史数据问题
-          parsed._id = comment._id.$oid
-        }
-        if (comment.pid === null) {
-          delete comment.pid
-        }
-        if (comment.rid === null) {
-          delete comment.rid
-        }
+        const parsed = normalizeTwikooComment(comment)
         comments.push(parsed)
         log(`${comment._id} 解析成功`)
       } catch (e) {

package/utils/index.js

@@ -99,6 +99,7 @@ const fn = {
       ruser: fn.ruser(comment.pid, comments),
       top: comment.top,
       isSpam: comment.isSpam,
+      isOwner: comment.uid === uid,
       created: comment.created,
       updated: comment.updated
     }
@@ -445,6 +446,18 @@ const fn = {
         throw new Error(`参数"${requiredParam}"不合法`)
       }
     }
+  },
+  // 校验评论归属：确认评论存在且属于当前用户
+  async checkCommentOwnership (id, uid, getComment) {
+    fn.validate({ id }, ['id'])
+    const comment = await getComment(id)
+    if (!comment) {
+      throw new Error('评论不存在')
+    }
+    if (comment.uid !== uid) {
+      throw new Error('只能删除自己的评论')
+    }
+    return comment
   }
 }