twikoo-vercel 1.5.4 → 1.5.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/api/index.js +20 -26
- package/package.json +1 -1
package/api/index.js
CHANGED
|
@@ -163,7 +163,7 @@ module.exports = async (requestArg, responseArg) => {
|
|
|
163
163
|
function allowCors () {
|
|
164
164
|
if (request.headers.origin) {
|
|
165
165
|
response.setHeader('Access-Control-Allow-Credentials', true)
|
|
166
|
-
response.setHeader('Access-Control-Allow-Origin',
|
|
166
|
+
response.setHeader('Access-Control-Allow-Origin', getAllowedOrigin())
|
|
167
167
|
response.setHeader('Access-Control-Allow-Methods', 'POST')
|
|
168
168
|
response.setHeader(
|
|
169
169
|
'Access-Control-Allow-Headers',
|
|
@@ -172,6 +172,18 @@ function allowCors () {
|
|
|
172
172
|
}
|
|
173
173
|
}
|
|
174
174
|
|
|
175
|
+
function getAllowedOrigin () {
|
|
176
|
+
const localhostRegex = /^https?:\/\/(localhost|127\.0\.0\.1|0\.0\.0\.0)(:\d{1,5})?$/
|
|
177
|
+
if (localhostRegex.test(request.headers.origin)) {
|
|
178
|
+
return request.headers.origin
|
|
179
|
+
} else if (config.CORS_ALLOW_ORIGIN) {
|
|
180
|
+
// 许多用户设置安全域名时,喜欢带结尾的 "/",必须处理掉
|
|
181
|
+
return config.CORS_ALLOW_ORIGIN.replace(/\/$/, '')
|
|
182
|
+
} else {
|
|
183
|
+
return request.headers.origin
|
|
184
|
+
}
|
|
185
|
+
}
|
|
186
|
+
|
|
175
187
|
function anonymousSignIn () {
|
|
176
188
|
if (request.body) {
|
|
177
189
|
if (request.body.accessToken) {
|
|
@@ -1133,7 +1145,7 @@ async function parse (comment) {
|
|
|
1133
1145
|
comment: DOMPurify.sanitize(comment.comment, { FORBID_TAGS: ['style'], FORBID_ATTR: ['style'] }),
|
|
1134
1146
|
pid: comment.pid ? comment.pid : comment.rid,
|
|
1135
1147
|
rid: comment.rid,
|
|
1136
|
-
isSpam: isAdminUser ? false : preCheckSpam(comment
|
|
1148
|
+
isSpam: isAdminUser ? false : preCheckSpam(comment),
|
|
1137
1149
|
created: timestamp,
|
|
1138
1150
|
updated: timestamp
|
|
1139
1151
|
}
|
|
@@ -1177,7 +1189,7 @@ async function limitFilter () {
|
|
|
1177
1189
|
}
|
|
1178
1190
|
|
|
1179
1191
|
// 预垃圾评论检测
|
|
1180
|
-
function preCheckSpam (comment) {
|
|
1192
|
+
function preCheckSpam ({ comment, nick }) {
|
|
1181
1193
|
// 长度限制
|
|
1182
1194
|
let limitLength = parseInt(config.LIMIT_LENGTH)
|
|
1183
1195
|
if (Number.isNaN(limitLength)) limitLength = 500
|
|
@@ -1191,7 +1203,7 @@ function preCheckSpam (comment) {
|
|
|
1191
1203
|
} else if (config.FORBIDDEN_WORDS) {
|
|
1192
1204
|
// 违禁词检测
|
|
1193
1205
|
for (const forbiddenWord of config.FORBIDDEN_WORDS.split(',')) {
|
|
1194
|
-
if (comment.indexOf(forbiddenWord.trim()) !== -1) {
|
|
1206
|
+
if (comment.indexOf(forbiddenWord.trim()) !== -1 || nick.indexOf(forbiddenWord.trim()) !== -1) {
|
|
1195
1207
|
console.log('包含违禁词,直接标记为垃圾评论~')
|
|
1196
1208
|
return true
|
|
1197
1209
|
}
|
|
@@ -1432,11 +1444,11 @@ async function uploadImage (event) {
|
|
|
1432
1444
|
}
|
|
1433
1445
|
// tip: qcloud 图床走前端上传,其他图床走后端上传
|
|
1434
1446
|
if (config.IMAGE_CDN === '7bu') {
|
|
1435
|
-
await
|
|
1447
|
+
await uploadImageToLskyPro({ photo, fileName, config, res, imageCdn: 'https://7bu.top' })
|
|
1436
1448
|
} else if (config.IMAGE_CDN === 'smms') {
|
|
1437
1449
|
await uploadImageToSmms({ photo, fileName, config, res })
|
|
1438
1450
|
} else if (isUrl(config.IMAGE_CDN)) {
|
|
1439
|
-
await uploadImageToLskyPro({ photo, fileName, config, res })
|
|
1451
|
+
await uploadImageToLskyPro({ photo, fileName, config, res, imageCdn: config.IMAGE_CDN })
|
|
1440
1452
|
}
|
|
1441
1453
|
} catch (e) {
|
|
1442
1454
|
console.error(e)
|
|
@@ -1446,24 +1458,6 @@ async function uploadImage (event) {
|
|
|
1446
1458
|
return res
|
|
1447
1459
|
}
|
|
1448
1460
|
|
|
1449
|
-
async function uploadImageTo7Bu ({ photo, fileName, config, res }) {
|
|
1450
|
-
// 去不图床旧版本 https://7bu.top
|
|
1451
|
-
// TODO: 2022 年 4 月 30 日后去不图床将会升级新版本,此处逻辑要同步更新
|
|
1452
|
-
const formData = new FormData()
|
|
1453
|
-
formData.append('image', base64UrlToReadStream(photo, fileName))
|
|
1454
|
-
const uploadResult = await axios.post('https://7bu.top/api/upload', formData, {
|
|
1455
|
-
headers: {
|
|
1456
|
-
...formData.getHeaders(),
|
|
1457
|
-
token: config.IMAGE_CDN_TOKEN
|
|
1458
|
-
}
|
|
1459
|
-
})
|
|
1460
|
-
if (uploadResult.data.code === 200) {
|
|
1461
|
-
res.data = uploadResult.data.data
|
|
1462
|
-
} else {
|
|
1463
|
-
throw new Error(uploadResult.data.msg)
|
|
1464
|
-
}
|
|
1465
|
-
}
|
|
1466
|
-
|
|
1467
1461
|
async function uploadImageToSmms ({ photo, fileName, config, res }) {
|
|
1468
1462
|
// SM.MS 图床 https://sm.ms
|
|
1469
1463
|
const formData = new FormData()
|
|
@@ -1481,11 +1475,11 @@ async function uploadImageToSmms ({ photo, fileName, config, res }) {
|
|
|
1481
1475
|
}
|
|
1482
1476
|
}
|
|
1483
1477
|
|
|
1484
|
-
async function uploadImageToLskyPro ({ photo, fileName, config, res }) {
|
|
1478
|
+
async function uploadImageToLskyPro ({ photo, fileName, config, res, imageCdn }) {
|
|
1485
1479
|
// 自定义兰空图床(v2)URL
|
|
1486
1480
|
const formData = new FormData()
|
|
1487
1481
|
formData.append('file', base64UrlToReadStream(photo, fileName))
|
|
1488
|
-
const url = `${
|
|
1482
|
+
const url = `${imageCdn}/api/v1/upload`
|
|
1489
1483
|
let token = config.IMAGE_CDN_TOKEN
|
|
1490
1484
|
if (!token.startsWith('Bearer')) {
|
|
1491
1485
|
token = `Bearer ${token}`
|
package/package.json
CHANGED