添加 加密博客文章功能
This commit is contained in:
24
Server/src/APIs/Console/SetBlogPasswd.ts
Normal file
24
Server/src/APIs/Console/SetBlogPasswd.ts
Normal file
@@ -0,0 +1,24 @@
|
||||
import { API } from "../../Plugs/API/API";
|
||||
import ServerStdResponse from "../../ServerStdResponse";
|
||||
import MySQLConnection from '../../Plugs/MySQLConnection'
|
||||
import Auth from "../../Plugs/Middleware/Auth";
|
||||
import crypto from 'crypto'
|
||||
|
||||
// 设置博客密码
|
||||
class SetBlogPasswd extends API {
|
||||
constructor() {
|
||||
super('POST', '/console/setBlogPasswd', Auth);
|
||||
}
|
||||
|
||||
public async onRequset(data: any, res: any) {
|
||||
let { uuid, passwd } = data;
|
||||
if (!uuid || !passwd) {
|
||||
return res.json(ServerStdResponse.PARAMS_MISSING);
|
||||
}
|
||||
const encrypt_p = crypto.createHash('sha256').update(passwd).digest('hex');
|
||||
MySQLConnection.execute('UPDATE blog SET encrypt_p = ? WHERE uuid = ?', [encrypt_p, uuid]);
|
||||
return res.json({ ...ServerStdResponse.OK });
|
||||
}
|
||||
}
|
||||
|
||||
export default SetBlogPasswd;
|
||||
@@ -3,29 +3,52 @@ import ServerStdResponse from "../ServerStdResponse";
|
||||
import MySQLConnection from '../Plugs/MySQLConnection'
|
||||
import { Buffer } from 'buffer';
|
||||
import axios from "axios";
|
||||
|
||||
import crypto from 'crypto'
|
||||
import MountIP from "../Plugs/Middleware/MountIP";
|
||||
|
||||
// 获取博客内容
|
||||
class GetBlogContent extends API {
|
||||
constructor() {
|
||||
super('GET', '/blogContent');
|
||||
super('GET', '/blogContent', MountIP);
|
||||
}
|
||||
private defaultAccessLevel = 6;
|
||||
private AccessLevelRule = {
|
||||
allow: [8, 10],
|
||||
encrypt_allow: [7, 9]
|
||||
};
|
||||
|
||||
public async onRequset(data: any, res: any) {
|
||||
let { bloguuid } = data;
|
||||
let { bloguuid, passwd } = data;
|
||||
if (!bloguuid || bloguuid.length != 32) {
|
||||
return res.json(ServerStdResponse.INVALID_PARAMS);
|
||||
}
|
||||
|
||||
let blogContentRes = await MySQLConnection.execute('SELECT * from blog WHERE access_level > ? AND uuid = ? ', [this.defaultAccessLevel, bloguuid]);
|
||||
let blogContentRes = await MySQLConnection.execute(`SELECT * from blog WHERE access_level in (${this.AccessLevelRule.allow.join(',')}) AND uuid = ? `, [bloguuid]);
|
||||
if (!blogContentRes) {
|
||||
this.logger.error('查询时数据库发生错误');
|
||||
return res.json(ServerStdResponse.SERVER_ERROR);
|
||||
}
|
||||
if (blogContentRes.length != 1) {
|
||||
this.logger.warn('查询的博客不存在或不可见', bloguuid);
|
||||
return res.json(ServerStdResponse.BLOG.NOTFOUND);
|
||||
if (blogContentRes.length == 0) {
|
||||
// 公开范围不可见,查询允许无连接加密查看的数据
|
||||
blogContentRes = await MySQLConnection.execute(`SELECT * from blog WHERE access_level in (${this.AccessLevelRule.encrypt_allow.join(',')}) AND uuid = ? `, [bloguuid]);
|
||||
if (!blogContentRes) {
|
||||
this.logger.error('查询时数据库发生错误');
|
||||
return res.json(ServerStdResponse.SERVER_ERROR);
|
||||
}
|
||||
if (blogContentRes.length != 1) {
|
||||
this.logger.warn('查询的博客不存在或不可见', bloguuid);
|
||||
return res.json(ServerStdResponse.BLOG.NOTFOUND);
|
||||
}
|
||||
|
||||
// 验证密码是否存在和正确
|
||||
if (!passwd) {
|
||||
this.logger.warn(`客户端[${data._ip}]尝试访问受限制的博客,但并未提供密码`)
|
||||
return res.json(ServerStdResponse.BLOG.PROTECT_FLAG)
|
||||
}
|
||||
if (crypto.createHash('sha256').update(passwd).digest('hex') != blogContentRes[0].encrypt_p){
|
||||
this.logger.warn(`客户端[${data._ip}]尝试访问受限制的博客,并提供了错误的密码:${passwd}`)
|
||||
return res.json(ServerStdResponse.BLOG.PASSWD_ERROR)
|
||||
}
|
||||
this.logger.info(`客户端[${data._ip}]访问了受限制的博客`)
|
||||
}
|
||||
// 返回处理后的数据
|
||||
try {
|
||||
@@ -33,7 +56,8 @@ class GetBlogContent extends API {
|
||||
const response = await axios.get(markdownUrl);
|
||||
const base64Content = Buffer.from(response.data, 'utf-8').toString('base64');
|
||||
|
||||
MySQLConnection.execute('UPDATE blog SET visit_count = visit_count + 1 WHERE uuid = ?', [bloguuid]);
|
||||
// 访问次数+1
|
||||
// MySQLConnection.execute('UPDATE blog SET visit_count = visit_count + 1 WHERE uuid = ?', [bloguuid]);
|
||||
return res.json({
|
||||
...ServerStdResponse.OK, data: {
|
||||
data: base64Content,
|
||||
|
||||
@@ -7,10 +7,10 @@ class GetBlogList extends API {
|
||||
constructor() {
|
||||
super('GET', '/blogList');
|
||||
}
|
||||
private defaultAccessLevel = 6;
|
||||
private defaultAccessLevel = 9;
|
||||
|
||||
public async onRequset(data: any, res: any) {
|
||||
let blogListRes = await MySQLConnection.execute('SELECT uuid, title, description, publish_time, visit_count, like_count from blog WHERE access_level > ? ORDER BY publish_time DESC',[this.defaultAccessLevel]);
|
||||
let blogListRes = await MySQLConnection.execute('SELECT uuid, title, description, publish_time, visit_count, like_count from blog WHERE access_level >= ? ORDER BY publish_time DESC',[this.defaultAccessLevel]);
|
||||
if(!blogListRes){
|
||||
this.logger.error('查询时数据库发生错误');
|
||||
return res.json(ServerStdResponse.SERVER_ERROR);
|
||||
|
||||
Reference in New Issue
Block a user