npm - twikoo-vercel - Versions diffs - 1.5.0 → 1.5.3 - Mend

twikoo-vercel 1.5.0 → 1.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/api/index.js +34 -5
package/package.json +1 -1

package/api/index.js CHANGED Viewed

@@ -1,10 +1,11 @@
 /*!
- * Twikoo vercel function v1.5.0
+ * Twikoo vercel function
  * (c) 2020-present iMaeGoo
  * Released under the MIT License.
  */
 // 三方依赖 / 3rd party dependencies
+const { version: VERSION } = require('../package.json')
 const { URL } = require('url')
 const MongoClient = require('mongodb').MongoClient
 const md5 = require('blueimp-md5') // MD5 加解密
@@ -29,7 +30,6 @@ const window = new JSDOM('').window
 const DOMPurify = createDOMPurify(window)
 // 常量 / constants
-const VERSION = '1.5.0'
 const RES_CODE = {
   SUCCESS: 0,
   NO_PARAM: 100,
@@ -46,6 +46,7 @@ const RES_CODE = {
   AKISMET_ERROR: 1030,
   UPLOAD_FAILED: 1040
 }
+const MAX_REQUEST_TIMES = parseInt(process.env.TWIKOO_THROTTLE) || 250
 // 全局变量 / variables
 let db = null
@@ -54,15 +55,18 @@ let transporter
 let request
 let response
 let accessToken
+const requestTimes = {}
 module.exports = async (requestArg, responseArg) => {
   request = requestArg
   response = responseArg
   const event = request.body || {}
+  console.log('请求ＩＰ：', request.headers['x-real-ip'])
   console.log('请求方法：', event.event)
   console.log('请求参数：', event)
   let res = {}
   try {
+    protect()
     anonymousSignIn()
     await connectToDatabase(process.env.MONGODB_URI)
     await readConfig()
@@ -1000,7 +1004,12 @@ async function noticePushoo (comment) {
   const sendResult = await pushoo(config.PUSHOO_CHANNEL, {
     token: config.PUSHOO_TOKEN,
     title: pushContent.subject,
-    content: pushContent.content
+    content: pushContent.content,
+    options: {
+      bark: {
+        url: pushContent.url
+      }
+    }
   })
   console.log('即时消息通知结果：', sendResult)
 }
@@ -1024,7 +1033,8 @@ function getIMPushContent (comment) {
 原文链接：[${POST_URL}](${POST_URL})`
   return {
     subject,
-    content
+    content,
+    url: POST_URL
   }
 }
@@ -1168,6 +1178,12 @@ async function limitFilter () {
 // 预垃圾评论检测
 function preCheckSpam (comment) {
+  // 长度限制
+  let limitLength = parseInt(config.LIMIT_LENGTH)
+  if (Number.isNaN(limitLength)) limitLength = 500
+  if (limitLength && comment.length > limitLength) {
+    throw new Error('评论内容过长')
+  }
   if (config.AKISMET_KEY === 'MANUAL_REVIEW') {
     // 人工审核
     console.log('已使用人工审核模式，评论审核后才会发表~')
@@ -1498,7 +1514,8 @@ async function getConfig () {
       REQUIRED_FIELDS: config.REQUIRED_FIELDS,
       HIDE_ADMIN_CRYPT: config.HIDE_ADMIN_CRYPT,
       HIGHLIGHT: config.HIGHLIGHT || 'true',
-      HIGHLIGHT_THEME: config.HIGHLIGHT_THEME
+      HIGHLIGHT_THEME: config.HIGHLIGHT_THEME,
+      LIMIT_LENGTH: config.LIMIT_LENGTH
     }
   }
 }
@@ -1535,6 +1552,18 @@ async function setConfig (event) {
   }
 }
+function protect () {
+  // 防御
+  const ip = request.headers['x-real-ip']
+  requestTimes[ip] = (requestTimes[ip] || 0) + 1
+  if (requestTimes[ip] > MAX_REQUEST_TIMES) {
+    console.log(`${ip} 当前请求次数为 ${requestTimes[ip]}，已超过最大请求次数`)
+    throw new Error('Too Many Requests')
+  } else {
+    console.log(`${ip} 当前请求次数为 ${requestTimes[ip]}`)
+  }
+}
 // 读取配置
 async function readConfig () {
   try {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "twikoo-vercel",
-  "version": "1.5.0",
+  "version": "1.5.3",
   "description": "A simple comment system based on Tencent CloudBase (tcb).",
   "author": "imaegoo <hello@imaegoo.com> (https://github.com/imaegoo)",
   "license": "MIT",