theme-next / hexo-leancloud-counter-security Goto Github PK
View Code? Open in Web Editor NEWA plugin to fix a serious security bug in leancloud visitor counter for NexT.
License: GNU Lesser General Public License v3.0
A plugin to fix a serious security bug in leancloud visitor counter for NexT.
License: GNU Lesser General Public License v3.0
阅读次数显示,我按照docs中的教程,配置了leancloud,但阅读次数没有展示出来
阅读次数不显示,我查看了Next主题的博客,阅读次数都没有显示出来
leancloud_counter_security:
enable_sync: true
app_id: xxxxxx
app_key: xxxxxxx
username:
password:
NexT Version:
NexT Scheme:
leancloud_visitors:
enable: true
app_id: xxxxxxx #<app_id>
app_key: xxxxxxx #<app_key>
When I tried to run register
hexo lc-counter r username password
It came out with the following error:
TypeError: serverURL option is required for apps from CN region
at Object.init (D:\blog\node_modules\leancloud-storage\dist\node\init.js:92:13)
at Hexo.commandFunc (D:\blog\node_modules\hexo-leancloud-counter-security\index.js:190:12)
at Hexo.tryCatcher (D:\blog\node_modules\bluebird\js\release\util.js:16:23)
at Hexo.<anonymous> (D:\blog\node_modules\bluebird\js\release\method.js:15:34)
at D:\blog\node_modules\hexo\lib\hexo\index.js:187:15
at Promise._execute (D:\blog\node_modules\bluebird\js\release\debuggability.js:313:9)
at Promise._resolveFromExecutor (D:\blog\node_modules\bluebird\js\release\promise.js:483:18)
at new Promise (D:\blog\node_modules\bluebird\js\release\promise.js:79:10)
at Hexo.call (D:\blog\node_modules\hexo\lib\hexo\index.js:183:10)
at C:\Users\54387\AppData\Roaming\npm\node_modules\hexo-cli\lib\hexo.js:67:17
at tryCatcher (C:\Users\54387\AppData\Roaming\npm\node_modules\hexo-cli\node_modules\bluebird\js\release\util.js:16:23)
at Promise._settlePromiseFromHandler (C:\Users\54387\AppData\Roaming\npm\node_modules\hexo-cli\node_modules\bluebird\js\release\promise.js:517:31)
at Promise._settlePromise (C:\Users\54387\AppData\Roaming\npm\node_modules\hexo-cli\node_modules\bluebird\js\release\promise.js:574:18)
at Promise._settlePromise0 (C:\Users\54387\AppData\Roaming\npm\node_modules\hexo-cli\node_modules\bluebird\js\release\promise.js:619:10)
at Promise._settlePromises (C:\Users\54387\AppData\Roaming\npm\node_modules\hexo-cli\node_modules\bluebird\js\release\promise.js:699:18)
at _drainQueueStep (C:\Users\54387\AppData\Roaming\npm\node_modules\hexo-cli\node_modules\bluebird\js\release\async.js:138:12)
at _drainQueue (C:\Users\54387\AppData\Roaming\npm\node_modules\hexo-cli\node_modules\bluebird\js\release\async.js:131:9)
at Async._drainQueues (C:\Users\54387\AppData\Roaming\npm\node_modules\hexo-cli\node_modules\bluebird\js\release\async.js:147:5)
at Immediate.Async.drainQueues [as _onImmediate] (C:\Users\54387\AppData\Roaming\npm\node_modules\hexo-cli\node_modules\bluebird\js\release\async.js:17:14)
at processImmediate (internal/timers.js:456:21)
Hello! I was implementing the counter function in Hexo NexT with LeanCloud according to [1]https://leaferx.online/2018/03/16/lc-security-en/. But after deploying, the counting still didn't work (remained 0). Then I turned to check [2]https://github.com/theme-next/hexo-leancloud-counter-security#usage and found that there was an additional server_url
attribute in leancloud_counter_security
of site config which [1] did not have. So I used https://leancloud.cn as url but I got Unauthorized [401 POST] ERROR
when deploying leancloud_counter_security_sync
. Then I tried my blog url but got the undefined [405 POST] ERROR
.
Could anyone offer some help? Thanks!
p.s. What's the relation between the server_url
in leancloud_visitors
in theme config and the server_url
in leancloud_counter_security
in site config?
The log is as follows:
INFO Deploy done: git
INFO Deploying: leancloud_counter_security_sync
Enter your username: root
Enter your password: *************
ERROR Error: connect ETIMEDOUT xxx.xxx.xxx.xxx:443 [N/A POST https://xxxx.api.lncldglobal.com/1.1/login]
at /Users/xxxx/workspace/blog/node_modules/leancloud-storage/dist/node/request.js:169:17
at processTicksAndRejections (internal/process/task_queues.js:94:5)
at async Hexo.sync (/Users/xxxx/workspace/blog/node_modules/hexo-leancloud-counter-security/index.js:102:9) {
code: 'ETIMEDOUT',
rawMessage: 'connect ETIMEDOUT xxx.xxx.xxx.xxx:443'
}
INFO Now syncing your posts list to leancloud counter...
INFO Dealing with record of xxxx
INFO Deploy done: leancloud_counter_security_sync
INFO Deploying: baidu_url_submitter
INFO Submitting urls
https://catbro666.github.io/posts/68dbb05c/
https://catbro666.github.io/posts/83951100/
https://catbro666.github.io/posts/615fc0b5/
https://catbro666.github.io/posts/2dc32e47/
https://catbro666.github.io/posts/657c24ad/
{"remain":2975,"success":5}
INFO Deploy done: baidu_url_submitter
ERROR Error: connect ETIMEDOUT xxx.xxx.xxx.xxx:443 [N/A GET https://xxxx.api.lncldglobal.com/1.1/classes/Counter]
at /Users/xxxx/workspace/blog/node_modules/leancloud-storage/dist/node/request.js:169:17
at processTicksAndRejections (internal/process/task_queues.js:94:5) {
code: 'ETIMEDOUT',
rawMessage: 'connect ETIMEDOUT xxx.xxx.xxx.xxx:443'
}
INFO leancloud.memo successfully updated.
Is that because the http requests in js didn't go through the proxy.
But I already set export all_proxy=socks5://127.0.0.1:7890
, and I can access the urls above successfully by using curl like this:
$ curl https://xxxx.api.lncldglobal.com/1.1/login
{"code":401,"error":"Unauthorized."}
Hello, I installed it through the official tutorial, but I have encountered some problems now.
I guess the reason for the error is the dependency problem, which makes the plugin installation fail.
The error message is as follows:
➜ blog hexo
ERROR Plugin load failed: hexo-leancloud-counter-security
Error: Cannot find module 'babel-runtime/regenerator'
at Function.Module._resolveFilename (internal/modules/cjs/loader.js:636:15)
at Function.Module._load (internal/modules/cjs/loader.js:562:25)
at Module.require (internal/modules/cjs/loader.js:690:17)
at require (/Users/anran/Desktop/MyProject/blog/node_modules/hexo/lib/hexo/index.js:219:21)
at /Users/anran/Desktop/MyProject/blog/node_modules/hexo-leancloud-counter-security/index.js:3:20
at fs.readFile.then.script (/Users/anran/Desktop/MyProject/blog/node_modules/hexo/lib/hexo/index.js:232:12)
at tryCatcher (/Users/anran/Desktop/MyProject/blog/node_modules/bluebird/js/release/util.js:16:23)
at Promise._settlePromiseFromHandler (/Users/anran/Desktop/MyProject/blog/node_modules/bluebird/js/release/promise.js:517:31)
at Promise._settlePromise (/Users/anran/Desktop/MyProject/blog/node_modules/bluebird/js/release/promise.js:574:18)
at Promise._settlePromise0 (/Users/anran/Desktop/MyProject/blog/node_modules/bluebird/js/release/promise.js:619:10)
at Promise._settlePromises (/Users/anran/Desktop/MyProject/blog/node_modules/bluebird/js/release/promise.js:699:18)
at Promise._fulfill (/Users/anran/Desktop/MyProject/blog/node_modules/bluebird/js/release/promise.js:643:18)
at Promise._resolveCallback (/Users/anran/Desktop/MyProject/blog/node_modules/bluebird/js/release/promise.js:437:57)
at Promise._settlePromiseFromHandler (/Users/anran/Desktop/MyProject/blog/node_modules/bluebird/js/release/promise.js:529:17)
at Promise._settlePromise (/Users/anran/Desktop/MyProject/blog/node_modules/bluebird/js/release/promise.js:574:18)
at Promise._settlePromise0 (/Users/anran/Desktop/MyProject/blog/node_modules/bluebird/js/release/promise.js:619:10)
at Promise._settlePromises (/Users/anran/Desktop/MyProject/blog/node_modules/bluebird/js/release/promise.js:699:18)
at Promise._fulfill (/Users/anran/Desktop/MyProject/blog/node_modules/bluebird/js/release/promise.js:643:18)
at /Users/anran/Desktop/MyProject/blog/node_modules/bluebird/js/release/nodeback.js:42:21
at /Users/anran/Desktop/MyProject/blog/node_modules/graceful-fs/graceful-fs.js:115:16
at FSReqWrap.readFileAfterClose [as oncomplete] (internal/fs/read_file_context.js:53:3)
Usage: hexo <command>
The package.json
information of the root directory is as follows:
{
"name": "hexo-site",
"version": "0.0.0",
"private": true,
"hexo": {
"version": "3.9.0"
},
"dependencies": {
"hexo": "^3.9.0",
"hexo-generator-archive": "^0.1.5",
"hexo-generator-category": "^0.1.3",
"hexo-generator-feed": "^1.2.2",
"hexo-generator-index": "^0.2.1",
"hexo-generator-searchdb": "^1.0.8",
"hexo-generator-tag": "^0.2.0",
"hexo-leancloud-counter-security": "^1.4.0",
"hexo-renderer-ejs": "^0.3.1",
"hexo-renderer-marked": "^1.0.1",
"hexo-renderer-stylus": "^0.3.3",
"hexo-server": "^0.3.3",
"hexo-symbols-count-time": "^0.6.0"
}
}
After the problem appeared, I tried the following steps, but still did not solve the problem.
hexo clean
I have followed the article Leancloud访客统计插件重大安全漏洞修复指南 and finished first four steps, but I got an error 'Counter not initialized! See more at console err msg'.
Is something wrong? My environment is localhost
新增博客时部署失败,显示我的密码错误,但是我记得应该没错啊。怎样查看这个密码,就是之前执行以下命令时设置的密码:
hexo lc-counter register <<username>> <<password>>
ERROR The username and password mismatch. [400 POST https://th5bgglg.api.lncld.net/1.1/login]
Error: The username and password mismatch. [400 POST https://th5bgglg.api.lncld.net/1.1/login]
at /Users/tangshusen/MyBlog/blog/node_modules/leancloud-storage/dist/node/request.js:163:17
at tryCatch (/Users/tangshusen/MyBlog/blog/node_modules/es6-promise/dist/es6-promise.js:410:12)
at invokeCallback (/Users/tangshusen/MyBlog/blog/node_modules/es6-promise/dist/es6-promise.js:425:13)
at publish (/Users/tangshusen/MyBlog/blog/node_modules/es6-promise/dist/es6-promise.js:399:7)
at publishRejection (/Users/tangshusen/MyBlog/blog/node_modules/es6-promise/dist/es6-promise.js:340:3)
at flush (/Users/tangshusen/MyBlog/blog/node_modules/es6-promise/dist/es6-promise.js:128:5)
at process._tickCallback (internal/process/next_tick.js:61:11)
INFO Now syncing your posts list to leancloud counter...
INFO Dealing with record of TensorFlow AttentionWrapper源码超详细图解
INFO Deploy done: leancloud_counter_security_sync
ERROR Forbidden to create by class 'Counter' permissions. [403 POST https://th5bgglg.api.lncld.net/1.1/classes/Counter]
Error: Forbidden to create by class 'Counter' permissions. [403 POST https://th5bgglg.api.lncld.net/1.1/classes/Counter]
at /Users/tangshusen/MyBlog/blog/node_modules/leancloud-storage/dist/node/request.js:163:17
at tryCatch (/Users/tangshusen/MyBlog/blog/node_modules/es6-promise/dist/es6-promise.js:410:12)
at invokeCallback (/Users/tangshusen/MyBlog/blog/node_modules/es6-promise/dist/es6-promise.js:425:13)
at publish (/Users/tangshusen/MyBlog/blog/node_modules/es6-promise/dist/es6-promise.js:399:7)
at publishRejection (/Users/tangshusen/MyBlog/blog/node_modules/es6-promise/dist/es6-promise.js:340:3)
at flush (/Users/tangshusen/MyBlog/blog/node_modules/es6-promise/dist/es6-promise.js:128:5)
at process._tickCallback (internal/process/next_tick.js:61:11)
leancloud.memo successfully updated.
The url for a post should be /blog/post
after deploy if running site in a subdirectory that is domain/blog/
but the url generated is /post
.
ERROR Unauthorized. [401 POST https://5vqndxlh.api.lncld.net/1.1/users]
�[32mINFO �[39m Logined as: jimlee2002
�[32mINFO �[39m Now syncing your posts list to leancloud counter...
�[41mFATAL�[49m Something's wrong. Maybe you can find the solution here: �[4mhttps://hexo.io/docs/troubleshooting.html�[24m
�[33mSyntaxError: Unexpected token , in JSON at position 59�[39m
�[33m at JSON.parse (<anonymous>)�[39m
�[33m at D:\Blog\node_modules\hexo-leancloud-counter-security\index.js:127:22�[39m
�[33m at Array.forEach (<anonymous>)�[39m
�[33m at Hexo.sync (D:\Blog\node_modules\hexo-leancloud-counter-security\index.js:121:20)�[39m
�[33m at processTicksAndRejections (internal/process/task_queues.js:97:5)�[39m
在hexo配置文件中添加- type: leancloud_counter_security_sync
后,在部署的时候卡住,只能强制结束
目前网上没有找到解决方案
INFO 219 files generated in 4.33 s
INFO Deploying: leancloud_counter_security_sync
1 [sig] sh 33496! sigpacket::process: Suppressing signal 18 to win32 process (pid 28184)
经常出现类似的网络问题, ERR_CONNECTION_REST,从官方社区论坛中了解到,和访问的域名有关系,他们已经更新了新的 REST API
hexo_root/node_modules/hexo-leancloud-counter-security/index.js:73
this.log.info('leancloud.memo successfully updated.');
^
TypeError: Cannot read property 'log' of undefined
at postOperation (hexo_root/node_modules/hexo-leancloud-counter-security/index.js:73:10)
at /www/page/hexo/node_modules/hexo-leancloud-counter-security/index.js:160:17
at processTicksAndRejections (node:internal/process/task_queues:94:5)
➜ hexo git:(master) ✗ node -v
v15.8.0
➜ hexo git:(master) ✗ npm -v
7.6.0
➜ hexo git:(master) ✗ npm list --depth 0
[email protected] /www/page/hexo
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
└── [email protected]
文章标题包含双引号时,JSON 解析会错,插件无法继续运行。
暂时通过删除标题中的双引号时解决。
我新建了一个page为photos,但是在deploy到leancloud中却只有帖子创建了记录,请问如何创建photos这个文件的浏览记录
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.