From d2a54b062f45ab550a90c65bbbe1c203cc7790cb Mon Sep 17 00:00:00 2001
From: tone <3341154833@qq.com>
Date: Mon, 23 Jun 2025 00:43:27 +0800
Subject: [PATCH] =?UTF-8?q?=E5=AE=8C=E6=88=90=E5=89=A9=E4=BD=99=E9=9C=80?= =?UTF-8?q?=E6=B1=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../web/admin-web-blog.controller.ts | 4 ++-
 tone-page-server/src/blog/blog.controller.ts | 22 ++++++++++--
 tone-page-server/src/blog/blog.service.ts | 34 +++++++++++++++----
 .../src/blog/entity/Blog.entity.ts | 1 +
 4 files changed, 50 insertions(+), 11 deletions(-)
diff --git a/tone-page-server/src/admin/controller/web/admin-web-blog.controller.ts b/tone-page-server/src/admin/controller/web/admin-web-blog.controller.ts
index 0c106be..41bd565 100644
--- a/tone-page-server/src/admin/controller/web/admin-web-blog.controller.ts
+++ b/tone-page-server/src/admin/controller/web/admin-web-blog.controller.ts
@@ -30,7 +30,9 @@ export class AdminWebBlogController {
 @Get()
 async list() {
- return this.adminWebBlogService.list();
+ return this.adminWebBlogService.list({
+ withAll: true,
+ });
 }
 @Post()
diff --git a/tone-page-server/src/blog/blog.controller.ts b/tone-page-server/src/blog/blog.controller.ts
index b753dab..d8c7c15 100644
--- a/tone-page-server/src/blog/blog.controller.ts
+++ b/tone-page-server/src/blog/blog.controller.ts
@@ -14,13 +14,14 @@ import { OptionalAuthGuard } from 'src/auth/strategies/OptionalAuthGuard';
 import { UserService } from 'src/user/user.service';
 import { createBlogCommentDto } from './dto/create.blogcomment.dto';
 import { Throttle, ThrottlerGuard } from '@nestjs/throttler';
+import { BlogPermission } from './Blog.Permission.enum';
 @Controller('blog')
 export class BlogController {
 constructor(
 private readonly blogService: BlogService,
 private readonly userService: UserService,
- ) {}
+ ) { }
 @Get()
 getBlogs() {
@@ -28,9 +29,24 @@ export class BlogController {
 }
 @Get(':id')
- async getBlog(@Param('id', new ParseUUIDPipe({ version: '4' })) id: string) {
+ async getBlog(
+ @Param('id', new ParseUUIDPipe({ version: '4' })) id: string,
+ @Param('p') password: string,
+ ) {
 const blog = await this.blogService.findById(id);
- if (!blog) throw new BadRequestException('文章不存在');
+ if (!blog) throw new BadRequestException('文章不存在或无权限访问');
+
+ if (!blog.permissions.includes(BlogPermission.Public)) {
+ // 无公开权限,则进一步检查是否有密码保护
+ if (blog.permissions.includes(BlogPermission.ByPassword)) {
+ throw new BadRequestException('文章不存在或无权限访问');
+ } else {
+ // 判断密码是否正确
+ if (!password || this.blogService.hashPassword(password) !== blog.password_hash) {
+ throw new BadRequestException('文章不存在或无权限访问');
+ }
+ }
+ }
 const blogDataRes = await fetch(`${blog.contentUrl}`);
 const blogContent = await blogDataRes.text();
diff --git a/tone-page-server/src/blog/blog.service.ts b/tone-page-server/src/blog/blog.service.ts
index 9e10262..d4071df 100644
--- a/tone-page-server/src/blog/blog.service.ts
+++ b/tone-page-server/src/blog/blog.service.ts
@@ -1,7 +1,7 @@
 import { Injectable } from '@nestjs/common';
 import { InjectRepository } from '@nestjs/typeorm';
 import { Blog } from './entity/Blog.entity';
-import { Repository } from 'typeorm';
+import { ArrayContains, Repository } from 'typeorm';
 import { BlogComment } from './entity/BlogComment.entity';
 import { BlogPermission } from './Blog.Permission.enum';
 import { createHash } from 'crypto';
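Review bot: The password branch in `getBlog` is inverted: a post whose permissions include `BlogPermission.ByPassword` is rejected unconditionally, while a post with neither `Public` nor `ByPassword` falls into the `else` and is served whenever the supplied value hashes to `password_hash`; the inner condition should read `if (!blog.permissions.includes(BlogPermission.ByPassword)) {`. Separately, `@Param('p')` can never be populated because the route is `@Get(':id')` with no `:p` segment, so `password` is always undefined; if the value is meant to come from the query string that would be `@Query('p') password?: string`, although a request header or POST body keeps the secret out of access logs and Referer headers. The digest comparison with `!==` is not constant-time; `timingSafeEqual` from `crypto` on equal-length buffers avoids that. The body of `getBlog` continues past the end of this hunk.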
@@ -15,13 +15,29 @@ export class BlogService {
 private readonly blogCommentRepository: Repository,
 ) { }
- async list() {
- return this.blogRepository.find({
- where: { deletedAt: null },
+ async list(option: {
+ withAll?: boolean;
+ } = {}) {
+ return (await this.blogRepository.find({
 order: {
 createdAt: 'DESC',
 },
- });
+ }))
+ .filter(i => option.withAll || i.permissions.includes(BlogPermission.List))
+ .map(i => {
+ if (option.withAll) {
+ return i;
+ }
+
+ const { createdAt, deletedAt, id, title, viewCount } = i;
+ return {
+ createdAt,
+ deletedAt,
+ id,
+ title,
+ viewCount,
+ }
+ });
 }
 async create(dto: Partial & { password: string }) {
@@ -44,7 +60,7 @@ export class BlogService {
 return (await this.blogRepository.update(id, {
 ...blog,
- password_hash: createHash('sha256').update(`${password}`).digest('hex'),
+ password_hash: this.hashPassword(password),
 })).affected > 0;
 }
@@ -60,7 +76,7 @@ export class BlogService {
 }
 async findById(id: string) {
- return this.blogRepository.findOneBy({ id });
+ return await this.blogRepository.findOneBy({ id });
 }
 async incrementViewCount(id: string) {
@@ -86,4 +102,8 @@ export class BlogService {
 const newComment = this.blogCommentRepository.create(comment);
 return this.blogCommentRepository.save(newComment);
 }
+
+ hashPassword(password: string) {
+ return createHash('sha256').update(`${password}`).digest('hex');
+ }
 }
diff --git a/tone-page-server/src/blog/entity/Blog.entity.ts b/tone-page-server/src/blog/entity/Blog.entity.ts
index 4e3ae84..35c8578 100644
--- a/tone-page-server/src/blog/entity/Blog.entity.ts
+++ b/tone-page-server/src/blog/entity/Blog.entity.ts
@@ -10,6 +10,7 @@ import {
 import { BlogComment } from './BlogComment.entity';
 import { BlogPermission } from '../Blog.Permission.enum';
+/** @todo 考虑后续将权限的数据类型替换为json,以提高查询效率 */
 @Entity()
 export class Blog {
 @PrimaryGeneratedColumn('uuid')
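Review bot: With `withAll` set, the `.map` in `list()` returns each entity unchanged, so the admin list response (the `list({ withAll: true })` call in admin-web-blog.controller.ts, presumably reaching this method) will serialize `password_hash` with the rest of the row; drop it in that branch as well, e.g. `const { password_hash, ...rest } = i; return rest;`. The `where: { deletedAt: null }` filter was removed, so unless `deletedAt` is a `@DeleteDateColumn` (not visible here) soft-deleted posts can now appear in the public list, and the public projection also returns `deletedAt` to anonymous callers. The permission filter runs in memory after loading every row, while the `ArrayContains` import added in this file's first hunk is not used in any visible hunk; if `permissions` is a Postgres array column, `where: { permissions: ArrayContains([BlogPermission.List]) }` would push the filter into the query.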
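Review bot: `hashPassword` stores post passwords as a single unsalted SHA-256 digest, which is cheap to brute-force offline and yields identical hashes for identical passwords; a salted, memory-hard KDF such as Node's built-in `scryptSync` is a better fit. The template literal `${password}` also turns a missing password into the string "undefined" and hashes it, so the update path in the `@@ -44,7 +60,7 @@` hunk writes a valid-looking hash even when no password was supplied. The sketch below needs `randomBytes`, `scryptSync` and `timingSafeEqual` from `crypto`, changes the stored format to `salt:hash` (existing rows would need re-hashing), and expects callers to skip hashing when no password is set; `getBlog` would then call `verifyPassword` instead of comparing digests.

```typescript
hashPassword(password: string): string {
  if (typeof password !== 'string' || password.length === 0) {
    throw new Error('password must be a non-empty string');
  }
  // Per-post random salt so equal passwords do not share a hash.
  const salt = randomBytes(16);
  const derived = scryptSync(password, salt, 32);
  return `${salt.toString('hex')}:${derived.toString('hex')}`;
}

verifyPassword(password: string, stored: string): boolean {
  const [saltHex, hashHex] = (stored ?? '').split(':');
  if (!password || !saltHex || !hashHex) return false;
  const expected = Buffer.from(hashHex, 'hex');
  // An undecodable hash must never compare equal to an empty derivation.
  if (expected.length === 0) return false;
  const actual = scryptSync(password, Buffer.from(saltHex, 'hex'), expected.length);
  // Constant-time compare; both buffers have the same length by construction.
  return timingSafeEqual(actual, expected);
}
```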