twikoo-vercel 1.5.1 → 1.5.2
- package/api/index.js +24 -1
- package/package.json +1 -1
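--- a/package/api/index.js
+++ b/package/api/index.js
@@ -46,6 +46,7 @@ const RES_CODE = {
 AKISMET_ERROR: 1030,
 UPLOAD_FAILED: 1040
 }
+const MAX_REQUEST_TIMES = parseInt(process.env.TWIKOO_THROTTLE) || 250
 
 // 全局变量 / variables
 let db = null
@@ -54,15 +55,18 @@ let transporter
 let request
 let response
 let accessToken
+const requestTimes = {}
 
 module.exports = async (requestArg, responseArg) => {
 request = requestArg
 response = responseArg
 const event = request.body || {}
+console.log('请求IP:', request.headers['x-real-ip'])
 console.log('请求方法:', event.event)
 console.log('请求参数:', event)
 let res = {}
 try {
+protect()
 anonymousSignIn()
 await connectToDatabase(process.env.MONGODB_URI)
 await readConfig()
@@ -1174,6 +1178,12 @@ async function limitFilter () {
 
 // 预垃圾评论检测
 function preCheckSpam (comment) {
+// 长度限制
+let limitLength = parseInt(config.LIMIT_LENGTH)
+if (Number.isNaN(limitLength)) limitLength = 500
+if (limitLength && comment.length > limitLength) {
+throw new Error('评论内容过长')
+}
 if (config.AKISMET_KEY === 'MANUAL_REVIEW') {
 // 人工审核
 console.log('已使用人工审核模式,评论审核后才会发表~')
@@ -1504,7 +1514,8 @@ async function getConfig () {
 REQUIRED_FIELDS: config.REQUIRED_FIELDS,
 HIDE_ADMIN_CRYPT: config.HIDE_ADMIN_CRYPT,
 HIGHLIGHT: config.HIGHLIGHT || 'true',
-HIGHLIGHT_THEME: config.HIGHLIGHT_THEME
+HIGHLIGHT_THEME: config.HIGHLIGHT_THEME,
+LIMIT_LENGTH: config.LIMIT_LENGTH
 }
 }
 }
@@ -1541,6 +1552,18 @@ async function setConfig (event) {
 }
 }
 
+function protect () {
+// 防御
+const ip = request.headers['x-real-ip']
+requestTimes[ip] = (requestTimes[ip] || 0) + 1
+if (requestTimes[ip] > MAX_REQUEST_TIMES) {
+console.log(`${ip} 当前请求次数为 ${requestTimes[ip]},已超过最大请求次数`)
+throw new Error('Too Many Requests')
+} else {
+console.log(`${ip} 当前请求次数为 ${requestTimes[ip]}`)
+}
+}
+
 // 读取配置
 async function readConfig () {
 try {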
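Review bot: The counter in `protect()` only ever increases: `requestTimes[ip]` is incremented on each call and none of the 24 added lines resets or expires it, so `MAX_REQUEST_TIMES` is a lifetime cap per warm function instance rather than a rate. A legitimate visitor, or everyone sharing one NAT address, stays locked out until the instance is recycled, while a fresh instance starts counting from zero. The table is also a plain object keyed by a request header, so it grows without bound and all requests lacking `x-real-ip` share the single key `undefined`; whether a client can influence that header depends on the hosting proxy, which is not visible here. I would store a window start next to the count in a `Map`, reset the entry once the window has elapsed, and give a missing header an explicit bucket. The window length in the sketch is a constructed example value, and pruning of stale entries is left out for brevity.

```javascript
const requestTimes = new Map()
const THROTTLE_WINDOW_MS = 10 * 60 * 1000 // constructed example value

function protect () {
  const ip = request.headers['x-real-ip'] || 'unknown'
  const now = Date.now()
  let entry = requestTimes.get(ip)
  if (!entry || now - entry.start > THROTTLE_WINDOW_MS) {
    // start a new window so the limit is a rate, not a lifetime cap
    entry = { start: now, count: 0 }
    requestTimes.set(ip, entry)
  }
  entry.count += 1
  if (entry.count > MAX_REQUEST_TIMES) {
    // … unchanged: over-limit log line, now reading entry.count …
    throw new Error('Too Many Requests')
  }
}
```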
package/package.json
CHANGED