twikoo-vercel 1.5.1 → 1.5.4

package/api/index.js

@@ -46,6 +46,7 @@ const RES_CODE = {
   AKISMET_ERROR: 1030,
   UPLOAD_FAILED: 1040
 }
+const MAX_REQUEST_TIMES = parseInt(process.env.TWIKOO_THROTTLE) || 250
 
 // 全局变量 / variables
 let db = null
@@ -54,15 +55,18 @@ let transporter
 let request
 let response
 let accessToken
+const requestTimes = {}
 
 module.exports = async (requestArg, responseArg) => {
   request = requestArg
   response = responseArg
   const event = request.body || {}
+  console.log('请求ＩＰ：', request.headers['x-real-ip'])
   console.log('请求方法：', event.event)
   console.log('请求参数：', event)
   let res = {}
   try {
+    protect()
     anonymousSignIn()
     await connectToDatabase(process.env.MONGODB_URI)
     await readConfig()
@@ -1174,6 +1178,12 @@ async function limitFilter () {
 
 // 预垃圾评论检测
 function preCheckSpam (comment) {
+  // 长度限制
+  let limitLength = parseInt(config.LIMIT_LENGTH)
+  if (Number.isNaN(limitLength)) limitLength = 500
+  if (limitLength && comment.length > limitLength) {
+    throw new Error('评论内容过长')
+  }
   if (config.AKISMET_KEY === 'MANUAL_REVIEW') {
     // 人工审核
     console.log('已使用人工审核模式，评论审核后才会发表~')
@@ -1393,9 +1403,9 @@ async function emailTest (event) {
   const isAdminUser = await isAdmin()
   if (isAdminUser) {
     try {
-      if (!transporter) {
-        await initMailer({ throwErr: true })
-      }
+      // 邮件测试前清除 transporter，保证读取的是最新的配置
+      transporter = null
+      await initMailer({ throwErr: true })
       const sendResult = await transporter.sendMail({
         from: config.SENDER_EMAIL,
         to: event.mail || config.BLOGGER_EMAIL || config.SENDER_EMAIL,
@@ -1417,21 +1427,16 @@ async function uploadImage (event) {
   const { photo, fileName } = event
   const res = {}
   try {
-    if (!config.IMAGE_CDN_TOKEN) {
+    if (!config.IMAGE_CDN || !config.IMAGE_CDN_TOKEN) {
       throw new Error('未配置图片上传服务')
     }
-    const formData = new FormData()
-    formData.append('image', base64UrlToReadStream(photo, fileName))
-    const uploadResult = await axios.post('https://7bu.top/api/upload', formData, {
-      headers: {
-        ...formData.getHeaders(),
-        token: config.IMAGE_CDN_TOKEN
-      }
-    })
-    if (uploadResult.data.code === 200) {
-      res.data = uploadResult.data.data
-    } else {
-      throw new Error(uploadResult.data.msg)
+    // tip: qcloud 图床走前端上传，其他图床走后端上传
+    if (config.IMAGE_CDN === '7bu') {
+      await uploadImageTo7Bu({ photo, fileName, config, res })
+    } else if (config.IMAGE_CDN === 'smms') {
+      await uploadImageToSmms({ photo, fileName, config, res })
+    } else if (isUrl(config.IMAGE_CDN)) {
+      await uploadImageToLskyPro({ photo, fileName, config, res })
     }
   } catch (e) {
     console.error(e)
@@ -1441,6 +1446,64 @@ async function uploadImage (event) {
   return res
 }
 
+async function uploadImageTo7Bu ({ photo, fileName, config, res }) {
+  // 去不图床旧版本 https://7bu.top
+  // TODO: 2022 年 4 月 30 日后去不图床将会升级新版本，此处逻辑要同步更新
+  const formData = new FormData()
+  formData.append('image', base64UrlToReadStream(photo, fileName))
+  const uploadResult = await axios.post('https://7bu.top/api/upload', formData, {
+    headers: {
+      ...formData.getHeaders(),
+      token: config.IMAGE_CDN_TOKEN
+    }
+  })
+  if (uploadResult.data.code === 200) {
+    res.data = uploadResult.data.data
+  } else {
+    throw new Error(uploadResult.data.msg)
+  }
+}
+
+async function uploadImageToSmms ({ photo, fileName, config, res }) {
+  // SM.MS 图床 https://sm.ms
+  const formData = new FormData()
+  formData.append('smfile', base64UrlToReadStream(photo, fileName))
+  const uploadResult = await axios.post('https://sm.ms/api/v2/upload', formData, {
+    headers: {
+      ...formData.getHeaders(),
+      Authorization: config.IMAGE_CDN_TOKEN
+    }
+  })
+  if (uploadResult.data.success) {
+    res.data = uploadResult.data.data
+  } else {
+    throw new Error(uploadResult.data.message)
+  }
+}
+
+async function uploadImageToLskyPro ({ photo, fileName, config, res }) {
+  // 自定义兰空图床（v2）URL
+  const formData = new FormData()
+  formData.append('file', base64UrlToReadStream(photo, fileName))
+  const url = `${config.IMAGE_CDN}/api/v1/upload`
+  let token = config.IMAGE_CDN_TOKEN
+  if (!token.startsWith('Bearer')) {
+    token = `Bearer ${token}`
+  }
+  const uploadResult = await axios.post(url, formData, {
+    headers: {
+      ...formData.getHeaders(),
+      Authorization: token
+    }
+  })
+  if (uploadResult.data.status) {
+    res.data = uploadResult.data.data
+    res.data.url = res.data.links.url
+  } else {
+    throw new Error(uploadResult.data.message)
+  }
+}
+
 function base64UrlToReadStream (base64Url, fileName) {
   const base64 = base64Url.split(';base64,').pop()
   const path = `/tmp/${fileName}`
@@ -1448,6 +1511,10 @@ function base64UrlToReadStream (base64Url, fileName) {
   return fs.createReadStream(path)
 }
 
+function isUrl (s) {
+  return /^http(s)?:\/\//.test(s)
+}
+
 function getAvatar (comment) {
   if (comment.avatar) {
     return comment.avatar
@@ -1504,7 +1571,8 @@ async function getConfig () {
       REQUIRED_FIELDS: config.REQUIRED_FIELDS,
       HIDE_ADMIN_CRYPT: config.HIDE_ADMIN_CRYPT,
       HIGHLIGHT: config.HIGHLIGHT || 'true',
-      HIGHLIGHT_THEME: config.HIGHLIGHT_THEME
+      HIGHLIGHT_THEME: config.HIGHLIGHT_THEME,
+      LIMIT_LENGTH: config.LIMIT_LENGTH
     }
   }
 }
@@ -1541,6 +1609,18 @@ async function setConfig (event) {
   }
 }
 
+function protect () {
+  // 防御
+  const ip = request.headers['x-real-ip']
+  requestTimes[ip] = (requestTimes[ip] || 0) + 1
+  if (requestTimes[ip] > MAX_REQUEST_TIMES) {
+    console.log(`${ip} 当前请求次数为 ${requestTimes[ip]}，已超过最大请求次数`)
+    throw new Error('Too Many Requests')
+  } else {
+    console.log(`${ip} 当前请求次数为 ${requestTimes[ip]}`)
+  }
+}
+
 // 读取配置
 async function readConfig () {
   try {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "twikoo-vercel",
-  "version": "1.5.1",
+  "version": "1.5.4",
   "description": "A simple comment system based on Tencent CloudBase (tcb).",
   "author": "imaegoo <hello@imaegoo.com> (https://github.com/imaegoo)",
   "license": "MIT",