完成剩余需求

tone-page-server/src/admin/controller/web/admin-web-blog.controller.ts

@@ -30,7 +30,9 @@ export class AdminWebBlogController {
 
   @Get()
   async list() {
-    return this.adminWebBlogService.list();
+    return this.adminWebBlogService.list({
+      withAll: true,
+    });
   }
 
   @Post()

tone-page-server/src/blog/blog.controller.ts

@@ -14,6 +14,7 @@ import { OptionalAuthGuard } from 'src/auth/strategies/OptionalAuthGuard';
 import { UserService } from 'src/user/user.service';
 import { createBlogCommentDto } from './dto/create.blogcomment.dto';
 import { Throttle, ThrottlerGuard } from '@nestjs/throttler';
+import { BlogPermission } from './Blog.Permission.enum';
 
 @Controller('blog')
 export class BlogController {
@@ -28,9 +29,24 @@ export class BlogController {
   }
 
   @Get(':id')
-  async getBlog(@Param('id', new ParseUUIDPipe({ version: '4' })) id: string) {
+  async getBlog(
+    @Param('id', new ParseUUIDPipe({ version: '4' })) id: string,
+    @Param('p') password: string,
+  ) {
     const blog = await this.blogService.findById(id);
-    if (!blog) throw new BadRequestException('文章不存在');
+    if (!blog) throw new BadRequestException('文章不存在或无权限访问');
+
+    if (!blog.permissions.includes(BlogPermission.Public)) {
+      // 无公开权限，则进一步检查是否有密码保护
+      if (blog.permissions.includes(BlogPermission.ByPassword)) {
+        throw new BadRequestException('文章不存在或无权限访问');
+      } else {
+        // 判断密码是否正确
+        if (!password || this.blogService.hashPassword(password) !== blog.password_hash) {
+          throw new BadRequestException('文章不存在或无权限访问');
+        }
+      }
+    }
 
     const blogDataRes = await fetch(`${blog.contentUrl}`);
     const blogContent = await blogDataRes.text();

tone-page-server/src/blog/blog.service.ts

@@ -1,7 +1,7 @@
 import { Injectable } from '@nestjs/common';
 import { InjectRepository } from '@nestjs/typeorm';
 import { Blog } from './entity/Blog.entity';
-import { Repository } from 'typeorm';
+import { ArrayContains, Repository } from 'typeorm';
 import { BlogComment } from './entity/BlogComment.entity';
 import { BlogPermission } from './Blog.Permission.enum';
 import { createHash } from 'crypto';
@@ -15,12 +15,28 @@ export class BlogService {
     private readonly blogCommentRepository: Repository<BlogComment>,
   ) { }
 
-  async list() {
-    return this.blogRepository.find({
-      where: { deletedAt: null },
+  async list(option: {
+    withAll?: boolean;
+  } = {}) {
+    return (await this.blogRepository.find({
       order: {
         createdAt: 'DESC',
       },
+    }))
+      .filter(i => option.withAll || i.permissions.includes(BlogPermission.List))
+      .map(i => {
+        if (option.withAll) {
+          return i;
+        }
+
+        const { createdAt, deletedAt, id, title, viewCount } = i;
+        return {
+          createdAt,
+          deletedAt,
+          id,
+          title,
+          viewCount,
+        }
       });
   }
 
@@ -44,7 +60,7 @@ export class BlogService {
 
     return (await this.blogRepository.update(id, {
       ...blog,
-      password_hash: createHash('sha256').update(`${password}`).digest('hex'),
+      password_hash: this.hashPassword(password),
     })).affected > 0;
   }
 
@@ -60,7 +76,7 @@ export class BlogService {
   }
 
   async findById(id: string) {
-    return this.blogRepository.findOneBy({ id });
+    return await this.blogRepository.findOneBy({ id });
   }
 
   async incrementViewCount(id: string) {
@@ -86,4 +102,8 @@ export class BlogService {
     const newComment = this.blogCommentRepository.create(comment);
     return this.blogCommentRepository.save(newComment);
   }
+
+  hashPassword(password: string) {
+    return createHash('sha256').update(`${password}`).digest('hex');
+  }
 }

tone-page-server/src/blog/entity/Blog.entity.ts

@@ -10,6 +10,7 @@ import {
 import { BlogComment } from './BlogComment.entity';
 import { BlogPermission } from '../Blog.Permission.enum';
 
+/** @todo 考虑后续将权限的数据类型替换为json，以提高查询效率 */
 @Entity()
 export class Blog {
   @PrimaryGeneratedColumn('uuid')