添加 加密博客文章功能
This commit is contained in:
@@ -3,29 +3,52 @@ import ServerStdResponse from "../ServerStdResponse";
|
||||
import MySQLConnection from '../Plugs/MySQLConnection'
|
||||
import { Buffer } from 'buffer';
|
||||
import axios from "axios";
|
||||
|
||||
import crypto from 'crypto'
|
||||
import MountIP from "../Plugs/Middleware/MountIP";
|
||||
|
||||
// 获取博客内容
|
||||
class GetBlogContent extends API {
|
||||
constructor() {
|
||||
super('GET', '/blogContent');
|
||||
super('GET', '/blogContent', MountIP);
|
||||
}
|
||||
private defaultAccessLevel = 6;
|
||||
private AccessLevelRule = {
|
||||
allow: [8, 10],
|
||||
encrypt_allow: [7, 9]
|
||||
};
|
||||
|
||||
public async onRequset(data: any, res: any) {
|
||||
let { bloguuid } = data;
|
||||
let { bloguuid, passwd } = data;
|
||||
if (!bloguuid || bloguuid.length != 32) {
|
||||
return res.json(ServerStdResponse.INVALID_PARAMS);
|
||||
}
|
||||
|
||||
let blogContentRes = await MySQLConnection.execute('SELECT * from blog WHERE access_level > ? AND uuid = ? ', [this.defaultAccessLevel, bloguuid]);
|
||||
let blogContentRes = await MySQLConnection.execute(`SELECT * from blog WHERE access_level in (${this.AccessLevelRule.allow.join(',')}) AND uuid = ? `, [bloguuid]);
|
||||
if (!blogContentRes) {
|
||||
this.logger.error('查询时数据库发生错误');
|
||||
return res.json(ServerStdResponse.SERVER_ERROR);
|
||||
}
|
||||
if (blogContentRes.length != 1) {
|
||||
this.logger.warn('查询的博客不存在或不可见', bloguuid);
|
||||
return res.json(ServerStdResponse.BLOG.NOTFOUND);
|
||||
if (blogContentRes.length == 0) {
|
||||
// 公开范围不可见,查询允许无连接加密查看的数据
|
||||
blogContentRes = await MySQLConnection.execute(`SELECT * from blog WHERE access_level in (${this.AccessLevelRule.encrypt_allow.join(',')}) AND uuid = ? `, [bloguuid]);
|
||||
if (!blogContentRes) {
|
||||
this.logger.error('查询时数据库发生错误');
|
||||
return res.json(ServerStdResponse.SERVER_ERROR);
|
||||
}
|
||||
if (blogContentRes.length != 1) {
|
||||
this.logger.warn('查询的博客不存在或不可见', bloguuid);
|
||||
return res.json(ServerStdResponse.BLOG.NOTFOUND);
|
||||
}
|
||||
|
||||
// 验证密码是否存在和正确
|
||||
if (!passwd) {
|
||||
this.logger.warn(`客户端[${data._ip}]尝试访问受限制的博客,但并未提供密码`)
|
||||
return res.json(ServerStdResponse.BLOG.PROTECT_FLAG)
|
||||
}
|
||||
if (crypto.createHash('sha256').update(passwd).digest('hex') != blogContentRes[0].encrypt_p){
|
||||
this.logger.warn(`客户端[${data._ip}]尝试访问受限制的博客,并提供了错误的密码:${passwd}`)
|
||||
return res.json(ServerStdResponse.BLOG.PASSWD_ERROR)
|
||||
}
|
||||
this.logger.info(`客户端[${data._ip}]访问了受限制的博客`)
|
||||
}
|
||||
// 返回处理后的数据
|
||||
try {
|
||||
@@ -33,7 +56,8 @@ class GetBlogContent extends API {
|
||||
const response = await axios.get(markdownUrl);
|
||||
const base64Content = Buffer.from(response.data, 'utf-8').toString('base64');
|
||||
|
||||
MySQLConnection.execute('UPDATE blog SET visit_count = visit_count + 1 WHERE uuid = ?', [bloguuid]);
|
||||
// 访问次数+1
|
||||
// MySQLConnection.execute('UPDATE blog SET visit_count = visit_count + 1 WHERE uuid = ?', [bloguuid]);
|
||||
return res.json({
|
||||
...ServerStdResponse.OK, data: {
|
||||
data: base64Content,
|
||||
|
||||
Reference in New Issue
Block a user