twikoo-vercel 1.5.4 → 1.5.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/api/index.js +16 -4
- package/package.json +1 -1
package/api/index.js
CHANGED
|
@@ -163,7 +163,7 @@ module.exports = async (requestArg, responseArg) => {
|
|
|
163
163
|
function allowCors () {
|
|
164
164
|
if (request.headers.origin) {
|
|
165
165
|
response.setHeader('Access-Control-Allow-Credentials', true)
|
|
166
|
-
response.setHeader('Access-Control-Allow-Origin',
|
|
166
|
+
response.setHeader('Access-Control-Allow-Origin', getAllowedOrigin())
|
|
167
167
|
response.setHeader('Access-Control-Allow-Methods', 'POST')
|
|
168
168
|
response.setHeader(
|
|
169
169
|
'Access-Control-Allow-Headers',
|
|
@@ -172,6 +172,18 @@ function allowCors () {
|
|
|
172
172
|
}
|
|
173
173
|
}
|
|
174
174
|
|
|
175
|
+
function getAllowedOrigin () {
|
|
176
|
+
const localhostRegex = /^https?:\/\/(localhost|127\.0\.0\.1|0\.0\.0\.0)(:\d{1,5})?$/
|
|
177
|
+
if (localhostRegex.test(request.headers.origin)) {
|
|
178
|
+
return request.headers.origin
|
|
179
|
+
} else if (config.CORS_ALLOW_ORIGIN) {
|
|
180
|
+
// 许多用户设置安全域名时,喜欢带结尾的 "/",必须处理掉
|
|
181
|
+
return config.CORS_ALLOW_ORIGIN.replace(/\/$/, '')
|
|
182
|
+
} else {
|
|
183
|
+
return request.headers.origin
|
|
184
|
+
}
|
|
185
|
+
}
|
|
186
|
+
|
|
175
187
|
function anonymousSignIn () {
|
|
176
188
|
if (request.body) {
|
|
177
189
|
if (request.body.accessToken) {
|
|
@@ -1133,7 +1145,7 @@ async function parse (comment) {
|
|
|
1133
1145
|
comment: DOMPurify.sanitize(comment.comment, { FORBID_TAGS: ['style'], FORBID_ATTR: ['style'] }),
|
|
1134
1146
|
pid: comment.pid ? comment.pid : comment.rid,
|
|
1135
1147
|
rid: comment.rid,
|
|
1136
|
-
isSpam: isAdminUser ? false : preCheckSpam(comment
|
|
1148
|
+
isSpam: isAdminUser ? false : preCheckSpam(comment),
|
|
1137
1149
|
created: timestamp,
|
|
1138
1150
|
updated: timestamp
|
|
1139
1151
|
}
|
|
@@ -1177,7 +1189,7 @@ async function limitFilter () {
|
|
|
1177
1189
|
}
|
|
1178
1190
|
|
|
1179
1191
|
// 预垃圾评论检测
|
|
1180
|
-
function preCheckSpam (comment) {
|
|
1192
|
+
function preCheckSpam ({ comment, nick }) {
|
|
1181
1193
|
// 长度限制
|
|
1182
1194
|
let limitLength = parseInt(config.LIMIT_LENGTH)
|
|
1183
1195
|
if (Number.isNaN(limitLength)) limitLength = 500
|
|
@@ -1191,7 +1203,7 @@ function preCheckSpam (comment) {
|
|
|
1191
1203
|
} else if (config.FORBIDDEN_WORDS) {
|
|
1192
1204
|
// 违禁词检测
|
|
1193
1205
|
for (const forbiddenWord of config.FORBIDDEN_WORDS.split(',')) {
|
|
1194
|
-
if (comment.indexOf(forbiddenWord.trim()) !== -1) {
|
|
1206
|
+
if (comment.indexOf(forbiddenWord.trim()) !== -1 || nick.indexOf(forbiddenWord.trim()) !== -1) {
|
|
1195
1207
|
console.log('包含违禁词,直接标记为垃圾评论~')
|
|
1196
1208
|
return true
|
|
1197
1209
|
}
|
package/package.json
CHANGED