feat: add a api to get the comment configuration.

Author: lisniuse

app/controller/api/base.js

@@ -4,6 +4,8 @@
 
 'use strict';
 
+const _ = require('lodash');
+
 const Controller = require('egg').Controller;
 const Model = require('modelman').Model;
 const is = require('ispro');
@@ -134,6 +136,24 @@ class BaseController extends Controller {
  return true;
  }
 
+ /**
+ * 获取当前用户可展示数据
+ */
+ async uinfo(isReturnAnonymous = false) {
+ const { ctx, service, config } = this;
+ let user = _.cloneDeep(ctx.locals.currentUser.user);
+ if (!user._id) {
+ if (isReturnAnonymous === true) {
+ let _user = await service.api.back.user.findOne({_id: config.constant.anonymousUserId});
+ user = _user._doc;
+ }
+ }
+ delete user._id;
+ delete user.password;
+ user.token = ctx.locals.currentUser.token;
+ return user;
+ }
+
  /**
  * 记录请求
  */

app/controller/api/front/comment.js

@@ -4,14 +4,29 @@
 
 'use strict';
 
-const BaseController = require('../base');
+const xss = require('xss');
 const marked = require('marked');
 const _ = require('lodash');
 
+const BaseController = require('../base');
 const modelPath = `${process.cwd()}/app/model/proto`;
 let commentModel = require(`${modelPath}/comment`);
 
 class CommentController extends BaseController {
+ 
+ /**
+ * 获取评论配置
+ */
+ async conf() {
+ const { service } = this;
+ const comment = await service.api.front.config.alias('comment');
+ const site = await service.api.front.config.alias('site');
+ let config = Object.assign(comment.info, {
+ boolCommentLogin: site.info.boolCommentLogin,
+ currentUser: await this.uinfo(true)
+ });
+ this.throwCorrect(config);
+ }
 
  /**
  * 获取评论列表
@@ -21,7 +36,7 @@ class CommentController extends BaseController {
  await this.decorator({
  get: {
  numberId: {
- n: '文章NumberId',
+ n: '所属文章序号',
  type: 'Number',
  f: true,
  r: true
@@ -49,22 +64,23 @@ class CommentController extends BaseController {
  */
  async create() {
  const {
- service
+ service,
+ config
  } = this;
  await this.decorator({
  post: {
- articleNumberId: { n: '所属文章序号', type: 'Number', f: true, t: true, r: true }, // 所属文章序号
+ numberId: { n: '所属文章序号', type: 'Number', f: true, t: true, r: true }, // 所属文章序号
  mdContent: { n: '评论内容', type: 'String', f: true, t: false, r: true } // 评论的markdown内容
  }
  });
 
- let userId = this.userId; 
- let config = await service.api.front.config.alias('site');
- let site = config.info;
+ let userId = this.userId;
+ let siteConfig = await service.api.front.config.alias('site');
+ let site = siteConfig.info;
  if (site.boolCommentLogin) {
  if (!userId) this.throwError('请登陆后再评论');
  } else {
- if (!userId) userId = '5c9648d94a4cf500067b6770';
+ if (!userId) userId = config.constant.anonymousUserId;
  }
 
  let params = this.params;
@@ -74,25 +90,26 @@ class CommentController extends BaseController {
  if (!user) this.throwError('用户不存在');
 
  // 查找所属文章
- let article = await service.api.front.article.numberId(params.articleNumberId);
+ let article = await service.api.front.article.numberId(params.numberId);
  if (!article) this.throwError('文章不存在');
 
  // 赋值
+ params.articleNumberId = params.numberId;
  params.articleId = article._id;
  params.userId = userId;
 
- // 转化markdown代码
- if (params.mdContent) params.htContent = marked(params.mdContent);
+ // 转化markdown代码，并过滤潜在的会导致xss攻击的代码。
+ if (params.mdContent) params.htContent = marked(xss(params.mdContent));
 
  // 创建评论
  let createRes = await service.api.front.comment.create(params);
 
  if (createRes._id) {
  // 给文章增加评论数
  await service.api.front.article.updateComment(article._id);
- this.throwCorrect(createRes, '评论创建完成');
+ this.throwCorrect(createRes, '评论成功');
  } else {
- this.throwError('评论创建失败');
+ this.throwError('评论失败，未知错误。');
  }
  }
 }

app/middleware/user_get_info.js

@@ -13,6 +13,7 @@ module.exports = options => {
  let res = null;
  let currentUser = {
  user: {},
+ token: token,
  auth: {
  isLogin: false,
  isExpired: true

app/routes/api/front/comment.js

@@ -1,6 +1,7 @@
 /** 评论相关api */
 module.exports = function(app) {
  const { router, controller } = app;
- router.get('/api/front/comment/list', controller.api.front.comment.list); // 评论列表
+ router.get('/api/front/comment/config', controller.api.front.comment.conf); // 获取评论配置
+ router.get('/api/front/comment/list', controller.api.front.comment.list); // 获取评论列表
  router.post('/api/front/comment/create', controller.api.front.comment.create); // 新增评论
 }

app/theme/bokex/static/images/www.html

@@ -0,0 +1,200 @@
+<!DOCTYPE html>
+<!-- saved from url=(0040)chrome-search://local-ntp/local-ntp.html -->
+<html darkmode="false"><!-- Copyright 2015 The Chromium Authors. All rights reserved.
+ Use of this source code is governed by a BSD-style license that can be
+ found in the LICENSE file. --><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+ <link rel="stylesheet" href="chrome-search://local-ntp/animations.css">
+ <link rel="stylesheet" href="chrome-search://local-ntp/local-ntp-common.css">
+ <link rel="stylesheet" href="chrome-search://local-ntp/custom-backgrounds.css">
+ <link rel="stylesheet" href="chrome-search://local-ntp/doodles.css">
+ <link rel="stylesheet" href="chrome-search://local-ntp/local-ntp.css">
+ <link rel="stylesheet" href="chrome-search://local-ntp/theme.css">
+ <link rel="stylesheet" href="chrome-search://local-ntp/voice.css">
+ <meta http-equiv="Content-Security-Policy" content="object-src &#39;none&#39;;child-src chrome-search://most-visited/ https://*.google.com/ ;script-src &#39;strict-dynamic&#39; &#39;sha256-EVjR8L4xuo0c7UNzAtLmKQoojKIjdHqYIqdanwmukFQ=&#39; &#39;sha256-ps+f+kvXv/saiMZBvZdqrnWV6Gcxo4dQ9UAG6SXPM6M=&#39; &#39;sha256-YUYyUdaHPr4vPwR1MbbgywsO6nfhVmXMpy6ILGW3rKk=&#39; &#39;sha256-ydzrIpu7RPpN+/W1u5M3gE6zl+u6KRMtbQEzdDt/Uao=&#39; &#39;sha256-KNY16OU2yK5dZbn5VtmVD+8Nko2v7x2ZPfUGq+DvZEs=&#39; &#39;sha256-lj3Ybq0OcgGBTQmk7PbTtC0eH6NJaDsZHXnY9olO7Mk=&#39; &#39;sha256-Fd4vl8ndIuN6+ZRznHRIY8SInoMG8RWncO1Y0T/2GtM=&#39;;">
+ <script src="chrome-search://local-ntp/animations.js" integrity="sha256-EVjR8L4xuo0c7UNzAtLmKQoojKIjdHqYIqdanwmukFQ="></script>
+ <script src="chrome-search://local-ntp/config.js" integrity="sha256-Fd4vl8ndIuN6+ZRznHRIY8SInoMG8RWncO1Y0T/2GtM="></script>
+ <script src="chrome-search://local-ntp/custom-backgrounds.js" integrity="sha256-ps+f+kvXv/saiMZBvZdqrnWV6Gcxo4dQ9UAG6SXPM6M="></script>
+ <script src="chrome-search://local-ntp/doodles.js" integrity="sha256-YUYyUdaHPr4vPwR1MbbgywsO6nfhVmXMpy6ILGW3rKk="></script>
+ <script src="chrome-search://local-ntp/local-ntp.js" integrity="sha256-ydzrIpu7RPpN+/W1u5M3gE6zl+u6KRMtbQEzdDt/Uao="></script>
+ <script src="chrome-search://local-ntp/utils.js" integrity="sha256-KNY16OU2yK5dZbn5VtmVD+8Nko2v7x2ZPfUGq+DvZEs="></script>
+ 
+ <meta name="google" value="notranslate">
+ <meta name="referrer" content="strict-origin">
+</head>
+<body class="light-chip mac inited" style="background: rgb(255, 255, 255);">
+ <div id="custom-bg" style="opacity: 0;"></div>
+ <!-- Container for the OneGoogleBar HTML. -->
+ <div id="one-google" class="hidden"></div>
+
+ <div id="ntp-contents" class="default-theme">
+ <div id="logo">
+ <!-- The logo that is displayed in the absence of a doodle. -->
+ <div id="logo-default" title="Google" class="show-logo"></div>
+ <!-- Logo displayed when theme prevents doodles. Doesn't fade. -->
+ <div id="logo-non-white" title="Google"></div>
+ <!-- A doodle, if any: its link and image. -->
+ <div id="logo-doodle">
+ <div id="logo-doodle-container">
+ <button id="logo-doodle-button">
+ <img id="logo-doodle-image" tabindex="-1">
+ </button>
+ </div>
+ <iframe id="logo-doodle-iframe" scrolling="no" src="./www_files/saved_resource.html"></iframe>
+ <!-- A spinner, prompting the doodle. Visible on NTPs with customized
+ backgrounds. -->
+ <button id="logo-doodle-notifier" title="点击即可查看今日的涂鸦">
+ <div class="outer ball0"><div class="inner"></div></div>
+ <div class="outer ball1"><div class="inner"></div></div>
+ <div class="outer ball2"><div class="inner"></div></div>
+ <div class="outer ball3"><div class="inner"></div></div>
+ </button>
+ </div>
+ </div>
+
+ <div id="fakebox-container">
+ <div id="fakebox">
+ <div id="fakebox-search-icon"></div>
+ <div id="fakebox-text">在 Google 上搜索，或者输入一个网址</div>
+ <input id="fakebox-input" autocomplete="off" tabindex="-1" type="url" aria-hidden="true">
+ <div id="fakebox-cursor"></div>
+ <button id="fakebox-microphone" title="语音搜索"></button>
+ </div>
+ </div>
+
+ <!-- TODO(crbug/944624): Remove wrapper after experiment is complete. -->
+ <div id="user-content-wrapper">
+ <div id="user-content">
+ <!-- Search suggestions will be inserted here. -->
+ <div id="most-visited" class="md-icons">
+ <!-- The container for the tiles. The MV iframe goes in here. -->
+ <div id="mv-tiles" class="md-icons"><iframe id="mv-single" name="mv-single" title="常去网站" src="./www_files/single.html"></iframe></div>
+ <!-- Notification shown when a tile is blacklisted. -->
+ <div id="mv-notice-container">
+ <div id="mv-notice" class="notice-hide" role="alert">
+ <span id="mv-msg">已移除快捷方式</span>
+ <!-- Links in the notification. -->
+ <span id="mv-notice-links">
+ <span id="mv-undo" class="ripple" tabindex="0" role="button">撤消</span>
+ <span id="mv-restore" class="ripple" tabindex="0" role="button">恢复默认快捷方式</span>
+ <div id="mv-notice-x" tabindex="0" role="button"></div>
+ </span>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+
+ <div id="attribution" style="display: none;"><div id="attribution-text">主题背景创建者：</div></div>
+
+ <div id="error-notice-container">
+ <div id="error-notice" class="notice-hide" role="alert">
+ <span id="error-notice-icon"></span>
+ <span id="error-notice-msg"></span>
+ <span id="error-notice-link" class="ripple" tabindex="0" role="button"></span>
+ </div>
+ </div>
+
+ <div id="edit-bg" tabindex="0" role="button" class="ep-enhanced">
+ <div id="edit-bg-icon" aria-label="自定义此页" title="自定义此页"></div>
+ <span id="edit-bg-text">自定义</span>
+ </div>
+
+ <div id="custom-bg-attr"></div>
+ </div>
+
+ <dialog div="" id="edit-bg-dialog">
+ <div id="edit-bg-menu">
+ <div id="edit-bg-title">自定义此页</div>
+ <div id="edit-bg-default-wallpapers" class="bg-option" tabindex="0">
+ <div class="bg-option-img"></div>
+ <div id="edit-bg-default-wallpapers-text" class="bg-option-text">Chrome 背景</div>
+ </div>
+ <div id="edit-bg-upload-image" class="bg-option" tabindex="0">
+ <div class="bg-option-img"></div>
+ <div id="edit-bg-upload-image-text" class="bg-option-text">上传图片</div>
+ </div>
+ <div id="edit-bg-divider"></div>
+ <div id="custom-links-restore-default" class="bg-option bg-option-disabled" tabindex="-1">
+ <div class="bg-option-img"></div>
+ <div id="custom-links-restore-default-text" class="bg-option-text">恢复默认快捷方式</div>
+ </div>
+ <div id="edit-bg-restore-default" class="bg-option bg-option-disabled" tabindex="-1">
+ <div class="bg-option-img"></div>
+ <div id="edit-bg-restore-default-text" class="bg-option-text">恢复默认背景</div>
+ </div>
+ </div>
+ </dialog>
+
+ <dialog id="ddlsd">
+ <div id="ddlsd-title"></div>
+ <button id="ddlsd-close"></button>
+ <div id="ddlsd-content">
+ <button id="ddlsd-fbb" class="ddlsd-sbtn"></button>
+ <button id="ddlsd-twb" class="ddlsd-sbtn"></button>
+ <button id="ddlsd-emb" class="ddlsd-sbtn"></button>
+ <hr id="ddlsd-hr">
+ <div id="ddlsd-link">
+ <button id="ddlsd-copy"></button>
+ <span id="ddlsd-text-ctr">
+ <input type="text" id="ddlsd-text" dir="ltr">
+ </span>
+ </div>
+ </div>
+ </dialog>
+
+ <dialog id="bg-sel-menu" class="customize-dialog">
+ <div id="bg-sel-title-bar">
+ <div id="bg-sel-back-circle" tabindex="0" role="button" aria-label="后退">
+ <div id="bg-sel-back"></div>
+ </div>
+ <div id="bg-sel-title"></div>
+ </div>
+ <div id="bg-sel-tiles" tabindex="0"></div>
+ <div id="bg-sel-footer">
+ <label id="bg-daily-refresh" class="switch">
+ <input type="checkbox">
+ <span class="toggle"></span>
+ </label>
+ <div id="bg-sel-refresh-text">每日刷新</div>
+ <button id="bg-sel-footer-cancel" class="bg-sel-footer-button paper secondary ripple" tabindex="0" aria-label="取消">取消</button>
+ <button id="bg-sel-footer-done" class="bg-sel-footer-button paper primary ripple" tabindex="-1" aria-label="完成" disabled="">完成</button>
+ </div>
+ </dialog>
+
+ <dialog id="voice-overlay-dialog" class="overlay-dialog">
+ <div id="voice-overlay" class="overlay-hidden">
+ <button id="voice-close-button" class="close-button">×</button>
+ <div id="voice-outer" class="outer">
+ <div class="inner-container">
+ <div id="voice-button-container" class="button-container">
+ <!-- The audio level animation. -->
+ <span id="voice-level" class="level"></span>
+ <!-- The microphone button. -->
+ <span id="voice-button" class="button">
+ <!-- The microphone icon (in CSS). -->
+ <div class="microphone">
+ <span class="receiver"></span>
+ <div class="wrapper">
+ <span class="stem"></span>
+ <span class="shell"></span>
+ </div>
+ </div>
+ </span>
+ </div>
+ <div class="text-container">
+ <!-- Low confidence text underneath high confidence text. -->
+ <span id="voice-text-i" class="voice-text"></span>
+ <!-- High confidence text on top of low confidence text. -->
+ <span id="voice-text-f" class="voice-text"></span>
+ </div>
+ </div>
+ </div>
+ </div>
+ </dialog>
+
+ <div id="one-google-end-of-body"></div>
+
+ <script defer="" src="chrome-search://local-ntp/voice.js" integrity="sha256-lj3Ybq0OcgGBTQmk7PbTtC0eH6NJaDsZHXnY9olO7Mk="></script>
+
+
+<script id="search-suggestions-loader" src="chrome-search://local-ntp/search-suggestions.js"></script><script src="chrome-search://local-ntp/doodle.js"></script><dialog id="custom-links-edit-dialog" class="customize-dialog"><iframe id="custom-links-edit" name="custom-links-edit" title="修改快捷方式" src="./www_files/edit.html"></iframe></dialog><script src="chrome-search://local-ntp/doodle.js?v=22"></script><script id="one-google-loader" src="chrome-search://local-ntp/one-google.js"></script><script id="promo-loader" src="chrome-search://local-ntp/promo.js"></script></body></html>