register_rest_route('nv','get-admin-comment-list',{
methods: 'post',
callback(data,req) {
// 只有编辑和管理员可以管理评论
if (data.comment_tree_of) {
//读取树
var get_ancient_id = (childID) => {
var child = nvdb.comments.find(r=>r.id == childID)[0] || {};
if ( !child.parent ) {
return child.id || 0;
}
return get_ancient_id(child.parent);
}
var ancient = get_ancient_id(data.comment_tree_of);
var comments = query_comments({
comment: ancient,
hierarchical: true,
orderby: data.orderby,
order: data.order,
comments_per_page: data.comments_per_page,
current_page: data.current_page,
date_query: {},
})
} else {
var comments = query_comments({
...data,
date_query: {}
});
}
var user_temp = {};
// 如果有父评论,找到父评论的 name
var parentIDs = comments.data.filter(r=>r.parent>0).map(r=>r.parent);
var parentNames = {};
nvdb.comments.find(r=>parentIDs.includes(r.id)).map(cmt=>{
var user_id = cmt.user_id;
if (user_id > 0) {
if (!user_temp[user_id]) {
var {name,url,email,avatar_url} = get_user_by_id(user_id);
user_temp[user_id] = {name,url,email,avatar_url}
}
parentNames[cmt.id] = user_temp[user_id].name || cmt.name;
} else {
parentNames[cmt.id] = cmt.name || '';
}
})
// 评论是站内用户发表时,忽略 name、url、email,数据需要从user_id读出来
// 读出文章标题、文章评论状态、文章评论数量
var post_temp = {};
comments.data.forEach(cmt=>{
var user_id = cmt.user_id;
// user_id: -1:用户被删除了,但评论保留。 0:非站内用户评论
if (user_id > 0) {
if (!user_temp[user_id]) {
var {name,url,email,avatar_url} = get_user_by_id(user_id);
user_temp[user_id] = {name,url,email,avatar_url}
}
cmt.name = user_temp[user_id].name || cmt.name;
cmt.url = user_temp[user_id].url || cmt.url;
cmt.email = user_temp[user_id].email || cmt.email;
cmt.avatar_url = user_temp[user_id].avatar_url || '';
}
var post_id = cmt.post_id;
if ( !post_temp[post_id] ) {
var {title,comment_count,comment_status,post_type} = get_post(post_id);
post_temp[post_id] = {title,comment_count,comment_status,post_type}
}
cmt.post_title = post_temp[post_id].title;
cmt.post_type = post_temp[post_id].post_type;
cmt.post_comment_count = post_temp[post_id].comment_count;
cmt.post_comment_status = post_temp[post_id].comment_status;
cmt.parent_name = parentNames[cmt.parent] || '';
})
return comments;
},
permission_callback: power=>power >= 8,
});
var trigger_keywords = (str_arr,keyword_str) => {
if (!keyword_str) {return false}
var words = keyword_str.split('\n');
var string = str_arr.join('\n');
//对words的每一项进行匹配,只要匹配到了,就结束。(注意 Array.some 和 Array.every 用法区别)
var triggered = words.some(word=>{
if (string.includes(word)) {
return true;
}
})
return triggered;
}
register_rest_route('nv','add-comment',{
methods: 'post',
callback(data,req) {
if (!nv_validator(data,{
post_id: Number,
name: String,
email: String,
url: String,
content: String,
})) {return new NV_Error("参数错误");}
// 如果有nonce,尝试读取用户ID
var user = req.headers.nvnonce ? get_user_by_nonce(req.headers.nvnonce) : {};
var user_id = user.id || 0;
var userPower = user.power || 0;
if (req.headers.nvnonce && user_id == 0) {
// 有nonce,但是nonce过期
return new NV_Error('登录信息过期,请重新登录', 401.1);
}
if ( get_option('comment_registration') && userPower == 0 ) {
return new NV_Error('请登录后再发表评论');
}
// 任何人都可以发表评论
var {post_id,name,email,url,content} = data;
if (!post_id || !content) {
return new NV_Error('参数错误');
}
// 文章信息
var post = get_post(post_id);
if ( is_nv_error(post) ) {
return post;
}
// 全局评论关闭的前提下,非管理员、编辑、文章作者,不得发表
if ( !get_option('enable_comment') && !(userPower >= 8 || post.author == user_id) ) {
return new NV_Error('禁止评论');
}
// 文章不允许评论的前提下,非管理员、编辑、文章作者,不得发表
if (post.comment_status == false && !(userPower >= 8 || post.author == user_id) ) {
return new NV_Error('文章评论已关闭');
}
// 必须填写邮箱和昵称
if ( get_option('require_name_email') && !user_id && !name && !email ) {
return new NV_Error('访客必须填入昵称和电子邮箱地址');
}
// 有邮箱,需验证有效性
if (email) {
var email_reg = /^[a-z0-9]+([._\\-]*[a-z0-9])*@([a-z0-9]+[-a-z0-9]*[a-z0-9]+.){1,63}[a-z0-9]+$/;
if (!email_reg.test(email)) {
return new NV_Error('请输入正确的邮箱地址');;
}
}
delete data.date;
delete data.status;
var ip = get_option('save_comment_ip') ? req.headers['x-real-ip'] || req.headers['x-forwarded-for'] || req.ip : '';
var ua = get_option('save_comment_ua') ? req.headers['user-agent'] : '';
// 是否触发关键词
if ( trigger_keywords([content,name,email,url,ip,ua], get_option('comment_moderation_words','')) ) {
data.status = 'pending';
}
if ( trigger_keywords([content,name,email,url,ip,ua], get_option('comment_forbidden_words','')) ) {
data.status = 'spam';
}
var insert_result = nv_insert_comment({
...data,
user_id,
ip,
ua,
});
if ( is_nv_error(insert_result) ) {
return insert_result;
} else {
return {
id: insert_result.id,
public: 'publish' == insert_result.status
}
}
},
});
register_rest_route('nv','edit-comment',{
methods: 'post',
callback(data,req) {
// 只有编辑和管理员可以管理评论
var {id} = data;
if (!id) {
return NV_Error('参数错误');
}
// 单独设置状态,如果是变更的话,才会触发变更状态的钩子
nv_set_comments_status([id],data.status);
// 只能编辑 name/email/url/content/ip/ua/date,以下不能编辑
delete data.post_id;
delete data.parent;
delete data.user_id;
delete data.status;
nv_set_comment_fields([id],data);
return {id};
},
permission_callback: power=>power >= 8,
});
register_rest_route('nv','delete-comments',{
methods: 'post',
callback(data,req) {
// 只有编辑和管理员可以管理评论
var {ids} = data;
if (!ids) {
return NV_Error('参数错误');
}
var success = [];
ids.forEach(id=>{
var result = delete_comment(id);
if ( !is_nv_error(result) ) {
success.push(id)
}
})
return {ids:success};
},
permission_callback: power=>power >= 8,
});
register_rest_route('nv','set-comments-status',{
methods: 'post',
callback(data,req) {
// 只有编辑和管理员可以管理评论
var {ids,status} = data;
if (!ids || !status) {
return NV_Error('参数错误');
}
var success = nv_set_comments_status(ids,status);
return {ids: success};
},
permission_callback: power=>power >= 8,
});