fix(0.2.5): 新增评论审核，修复问题 (#35)

* 新增 AKISMET 评论审核
* 新增 人工审核
* 修复 配置表为空时，无法保存配置
* 完善文档

Author: imaegoo

README.md

@@ -10,18 +10,26 @@ A simple, safe, serverless comment system based on Tencent CloudBase (tcb).
 
 ## 特色 | Features
 
-* 评论 | Comment
-* 点赞 | Like
-* 纯静态 | Static pages
-* 可嵌入 | Embedded
-* 免费搭建 | Free deploy
-* 存储安全 | Security
-* 反垃圾评论 | Akismet
-* 邮件 / 微信通知 | Email / WeChat notify
-
-## 演示 | Demo
-
-请查看[twikoo.js.org](https://twikoo.js.org)
+* 免费搭建（※1）
+* 隐私安全（※2）
+* 支持邮件与微信通知（※3）
+* 支持反垃圾评论（※4）
+
+注：<br>
+※1 Twikoo 使用云开发作为评论后台，每个用户均长期享受1个免费的标准型基础版1资源套餐<br>
+※2 Twikoo 通过云函数控制敏感字段（邮箱、IP、环境配置等）不会泄露<br>
+※3 微信提醒基于 [Server酱](https://sc.ftqq.com/3.version)，需自行注册并获取API key<br>
+※4 反垃圾基于 [akismet.com](https://akismet.com/)，需自行注册并获取API key
+
+## 预览 | Preview
+
+### 评论
+
+![评论](./docs/static/readme-1.png)
+
+### 评论管理
+
+![评论管理](./docs/static/readme-2.png)
 
 ## 快速上手 | Quick Start
 

docs/.vuepress/theme/layouts/Layout.vue

@@ -3,7 +3,7 @@
     <template #page-bottom>
       <div class="page-edit">
         <div id="twikoo"></div>
-        <script src="https://cdn.jsdelivr.net/npm/twikoo@0.2.4/dist/twikoo.all.min.js" ref="twikooJs"></script>
+        <script src="https://cdn.jsdelivr.net/npm/twikoo@0.2.5/dist/twikoo.all.min.js" ref="twikooJs"></script>
       </div>
     </template>
   </ParentLayout>

docs/README.md

@@ -10,18 +10,26 @@ A simple, safe, serverless comment system based on Tencent CloudBase (tcb).
 
 ## 特色
 
-* 评论 | Comment
-* 点赞 | Like
-* 纯静态 | Static pages
-* 可嵌入 | Embedded
-* 免费搭建 | Free deploy
-* 存储安全 | Security
-* 反垃圾评论 | Akismet
-* 邮件 / 微信通知 | Email / WeChat notify
+* 免费搭建（※1）
+* 隐私安全（※2）
+* 支持邮件与微信通知（※3）
+* 支持反垃圾评论（※4）
+
+> 注：<br>
+> ※1 Twikoo 使用云开发作为评论后台，每个用户均长期享受1个免费的标准型基础版1资源套餐<br>
+> ※2 Twikoo 通过云函数控制敏感字段（邮箱、IP、环境配置等）不会泄露<br>
+> ※3 微信提醒基于 [Server酱](https://sc.ftqq.com/3.version)，需自行注册并获取API key<br>
+> ※4 反垃圾基于 [akismet.com](https://akismet.com/)，需自行注册并获取API key
 
 ## 预览
 
-[https://www.imaegoo.com/2020/hello-twikoo/](https://www.imaegoo.com/2020/hello-twikoo/)
+### 评论
+
+![评论](./static/readme-1.png)
+
+### 评论管理
+
+![评论管理](./static/readme-2.png)
 
 ## 交流群
 
@@ -47,8 +55,8 @@ A simple, safe, serverless comment system based on Tencent CloudBase (tcb).
 | ---- | ---- | ---- |
 | 已完成 | P0 | 文档撰写 |
 | 已完成 | P1 | 评论管理 |
-| 开发中 | P2 | 人工审核 |
-| 开发中 | P2 | AKISMET 审核 |
+| 已完成 | P2 | 人工审核 |
+| 已完成 | P2 | AKISMET 审核 |
 | 开发中 | P2 | 完整 Markdown 适配 |
 | 计划中 | P3 | Emoji 表情 |
 | 计划中 | P3 | 图片表情 |

docs/quick-start.md

@@ -90,7 +90,7 @@ Butterfly 目前支持 Twikoo，请查看 [Butterfly 安裝文檔(四) 主題配
 
 ``` html
 <div id="tcomment"></div>
-<script src="https://cdn.jsdelivr.net/npm/twikoo@0.2.4/dist/twikoo.all.min.js"></script>
+<script src="https://cdn.jsdelivr.net/npm/twikoo@0.2.5/dist/twikoo.all.min.js"></script>
 <script>twikoo.init({ envId: '您的环境id', el: '#tcomment' })</script>
 ```
 

docs/static/readme-1.png

@@ -1,6 +1,6 @@
 {
   "name": "twikoo",
-  "version": "0.2.4",
+  "version": "0.2.5",
   "description": "A simple comment system based on Tencent CloudBase (tcb).",
   "author": "imaegoo <hello@imaegoo.com> (https://github.com/imaegoo)",
   "license": "MIT",

docs/static/readme-2.png

@@ -1,5 +1,5 @@
 /*!
- * Twikoo cloudbase function v0.2.4
+ * Twikoo cloudbase function v0.2.5
  * (c) 2020-2020 iMaeGoo
  * Released under the MIT License.
  */
@@ -12,6 +12,7 @@ const nodemailer = require('nodemailer')
 const axios = require('axios')
 const qs = require('querystring')
 const $ = require('cheerio')
+const { AkismetClient } = require('akismet-api')
 
 // 云函数 SDK / tencent cloudbase sdk
 const app = tcb.init({ env: tcb.SYMBOL_CURRENT_ENV })
@@ -20,7 +21,7 @@ const db = app.database()
 const _ = db.command
 
 // 常量 / constants
-const VERSION = '0.2.4'
+const VERSION = '0.2.5'
 const RES_CODE = {
   SUCCESS: 0,
   FAIL: 1000,
@@ -58,6 +59,9 @@ exports.main = async (event, context) => {
       case 'COMMENT_GET_FOR_ADMIN':
         res = await commentGetForAdmin(event)
         break
+      case 'COMMENT_SET_FOR_ADMIN':
+        res = await commentSetForAdmin(event)
+        break
       case 'COMMENT_DELETE_FOR_ADMIN':
         res = await commentDeleteForAdmin(event)
         break
@@ -77,10 +81,10 @@ exports.main = async (event, context) => {
         res = await setPassword(event)
         break
       case 'GET_CONFIG':
-        res = await getConfig(event)
+        res = await getConfig()
         break
       case 'GET_CONFIG_FOR_ADMIN':
-        res = await getConfigForAdmin(event)
+        res = await getConfigForAdmin()
         break
       case 'SET_CONFIG':
         res = await setConfig(event)
@@ -297,6 +301,25 @@ function parseCommentForAdmin (comments) {
   return comments
 }
 
+// 管理员修改评论
+async function commentSetForAdmin (event) {
+  const res = {}
+  const isAdminUser = await isAdmin()
+  if (isAdminUser) {
+    validate(event, ['id', 'set'])
+    const data = await db
+      .collection('comment')
+      .doc(event.id)
+      .update(event.set)
+    res.code = RES_CODE.SUCCESS
+    res.updated = data.updated
+  } else {
+    res.code = RES_CODE.NEED_LOGIN
+    res.message = '请先登录'
+  }
+  return res
+}
+
 // 管理员删除评论
 async function commentDeleteForAdmin (event) {
   const res = {}
@@ -374,21 +397,15 @@ async function commentSubmit (event) {
     await createCollections()
     await readConfig()
   }
-  let comment
-  try {
-    comment = await save(event)
-  } catch (e) {
-    await createCollections()
-    comment = await save(event)
-  }
+  const comment = await save(event)
   res.id = comment.id
   await sendMail(comment)
   return res
 }
 
 // 保存评论
 async function save (event) {
-  const data = parse(event)
+  const data = await parse(event)
   const result = await db
     .collection('comment')
     .add(data)
@@ -545,9 +562,9 @@ async function noticeReply (currentComment) {
 }
 
 // 将评论转为数据库存储格式
-function parse (comment) {
+async function parse (comment) {
   const timestamp = new Date().getTime()
-  return {
+  const commentDo = {
     nick: comment.nick ? comment.nick : 'Anonymous',
     mail: comment.mail ? comment.mail : '',
     mailMd5: comment.mail ? md5(comment.mail) : '',
@@ -563,6 +580,45 @@ function parse (comment) {
     created: timestamp,
     updated: timestamp
   }
+  commentDo.isSpam = await checkSpam(commentDo)
+  return commentDo
+}
+
+// 垃圾评论检测
+async function checkSpam (comment) {
+  // 使用全局配置，不需要重新读取配置
+  if (!config.AKISMET_KEY) {
+    return false
+  } else if (config.AKISMET_KEY === 'MANUAL_REVIEW') {
+    console.log('已使用人工审核模式，评论审核后才会发表~')
+    return true
+  } else {
+    try {
+      const akismetClient = new AkismetClient({
+        key: config.AKISMET_KEY,
+        blog: config.SITE_URL
+      })
+      const isValid = await akismetClient.verifyKey()
+      if (!isValid) {
+        console.log('Akismet key 不可用：', config.AKISMET_KEY)
+        return
+      }
+      const isSpam = await akismetClient.checkSpam({
+        user_ip: comment.ip,
+        user_agent: comment.ua,
+        permalink: comment.href,
+        comment_type: comment.rid ? 'reply' : 'comment',
+        comment_author: comment.nick,
+        comment_author_email: comment.mail,
+        comment_author_url: comment.link,
+        comment_content: comment.comment
+      })
+      console.log('垃圾评论检测结果：', isSpam)
+      return isSpam
+    } catch (err) {
+      console.error('Akismet 异常：', err)
+    }
+  }
 }
 
 /**
@@ -692,16 +748,14 @@ async function writeConfig (newConfig) {
   console.log('写入配置：', newConfig)
   try {
     let updated
-    const existConfig = await readConfig()
-    if (existConfig) {
-      const res = await db
-        .collection('config')
-        .where({}) // 不加 where 会报错 Error: param should have required property 'query'
-        .limit(1)
-        .update(newConfig)
-      updated = res.updated
-    } else {
-      const res = await db
+    let res = await db
+      .collection('config')
+      .where({}) // 不加 where 会报错 Error: param should have required property 'query'
+      .limit(1)
+      .update(newConfig)
+    updated = res.updated
+    if (updated === 0) {
+      res = await db
         .collection('config')
         .add(newConfig)
       updated = res.id ? 1 : 0

package.json

@@ -3,6 +3,7 @@
   "main": "index.js",
   "dependencies": {
     "@cloudbase/node-sdk": "^2.4.0",
+    "akismet-api": "^5.1.0",
     "axios": "^0.21.0",
     "blueimp-md5": "^2.18.0",
     "bowser": "^2.11.0",

src/function/twikoo/index.js

@@ -5,10 +5,18 @@
       <el-table-column prop="mail" label="邮箱" show-overflow-tooltip />
       <el-table-column prop="link" label="网址" show-overflow-tooltip />
       <el-table-column prop="commentText" label="评论" show-overflow-tooltip />
-      <el-table-column width="150" label="操作">
+      <el-table-column prop="isSpam" width="50" :formatter="statusFormatter" label="状态" />
+      <el-table-column width="50" label="操作">
         <template slot-scope="scope">
-          <el-button size="mini" @click="handleView(scope.row)" type="primary">查看</el-button>
-          <el-button size="mini" @click="handleDelete(scope.row)" type="danger">删除</el-button>
+          <el-tooltip placement="left" width="160">
+            <el-button type="text">操作</el-button>
+            <div class="tk-admin-actions" slot="content">
+              <el-button size="mini" @click="handleView(scope.row)" type="primary">查看</el-button>
+              <el-button size="mini" v-if="scope.row.isSpam" @click="handleSpam(scope.row, false)" type="warning">显示</el-button>
+              <el-button size="mini" v-if="!scope.row.isSpam" @click="handleSpam(scope.row, true)" type="warning">隐藏</el-button>
+              <el-button size="mini" @click="handleDelete(scope.row)" type="danger">删除</el-button>
+            </div>
+          </el-tooltip>
         </template>
       </el-table-column>
     </el-table>
@@ -53,6 +61,9 @@ export default {
       this.currentPage = e
       this.getComments()
     },
+    statusFormatter (row, column, cell) {
+      return cell ? '隐藏' : '显示'
+    },
     handleView (comment) {
       window.open(comment.href || comment.url)
     },
@@ -63,6 +74,15 @@ export default {
       })
       await this.getComments()
       this.loading = false
+    },
+    async handleSpam (comment, isSpam) {
+      this.loading = true
+      await call(this.$tcb, 'COMMENT_SET_FOR_ADMIN', {
+        id: comment._id,
+        set: { isSpam }
+      })
+      await this.getComments()
+      this.loading = false
     }
   },
   mounted () {
@@ -122,4 +142,7 @@ export default {
 .tk-admin-comment /deep/ .el-icon-d-arrow-right::before {
   content: '...';
 }
+.tk-admin-actions {
+  display: flex;
+}
 </style>

src/function/twikoo/package.json

@@ -39,7 +39,7 @@ export default {
         {
           name: '反垃圾',
           items: [
-            { key: 'AKISMET_KEY', desc: '反垃圾评论 API key（暂未上线，敬请期待）。', ph: '示例：8651783ed123', value: '' }
+            { key: 'AKISMET_KEY', desc: 'Akismet 反垃圾评论，用于垃圾评论检测，设为 "MANUAL_REVIEW" 开启人工审核，留空不使用反垃圾。注册：https://akismet.com', ph: '示例：8651783edxxx', value: '' }
           ]
         },
         {
@@ -53,7 +53,7 @@ export default {
           items: [
             { key: 'SENDER_EMAIL', desc: '邮件通知邮箱地址。对于大多数邮箱服务商，SENDER_EMAIL 必须和 SMTP_USER 保持一致，否则无法发送邮件。', ph: '示例：blog@imaegoo.com', value: '' },
             { key: 'SENDER_NAME', desc: '邮件通知标题。', ph: '示例：虹墨空间站评论提醒', value: '' },
-            { key: 'SMTP_SERVICE', desc: '邮件通知邮箱服务商。https://nodemailer.com/smtp/well-known/#supported-services', ph: '示例：QQ', value: '' },
+            { key: 'SMTP_SERVICE', desc: '邮件通知邮箱服务商。支持："126", "163", "1und1", "AOL", "DebugMail", "DynectEmail", "FastMail", "GandiMail", "Gmail", "Godaddy", "GodaddyAsia", "GodaddyEurope", "Hotmail", "Mail.ru", "Maildev", "Mailgun", "Mailjet", "Mailosaur", "Mandrill", "Naver", "OpenMailBox", "Outlook365", "Postmark", "QQ", "QQex", "SES", "SES-EU-WEST-1", "SES-US-EAST-1", "SES-US-WEST-2", "SendCloud", "SendGrid", "SendPulse", "SendinBlue", "Sparkpost", "Yahoo", "Yandex", "Zoho", "hot.ee", "iCloud", "mail.ee", "qiye.aliyun"', ph: '示例：QQ', value: '' },
             { key: 'SMTP_USER', desc: '邮件通知邮箱用户名。', ph: '示例：blog@imaegoo.com', value: '' },
             { key: 'SMTP_PASS', desc: '邮件通知邮箱密码，QQ邮箱请填写授权码。', ph: '示例：password', value: '', secret: true }
           ]
@@ -107,7 +107,6 @@ export default {
 
 <style scoped>
 .tk-admin-config-groups {
-  max-height: 600px;
   overflow-y: auto;
   padding-right: 0.5em;
 }