
A plugin to fix a serious security bug in leancloud visitor counter for NexT.

theme-next/hexo-leancloud-counter-security


hexo-leancloud-counter-security


A plugin to fix a serious security bug in the LeanCloud visitor counter for NexT theme sites and other sites that integrate this function in a similar way.

Documentation on how to get the counter up and running safely is available in English and Chinese.

You can also read a full explanation of the problem here.

Installation


npm install hexo-leancloud-counter-security

Usage

Activate this plugin in Hexo's _config.yml (located in the root directory of your blog) by filling in these options:

leancloud_counter_security:
  enable_sync: true
  app_id: <your app id>
  app_key: <your app key>
  server_url: <your server url> # Required for apps from CN region, e.g. https://leancloud.cn
  username: <your username> # Will be asked for while deploying if left blank
  password: <your password> # Recommended to be left blank. Will be asked for while deploying if left blank

If leancloud_counter_security is not specified (or is commented out), the plugin is completely disabled.

NexT theme

This plugin is integrated into «NexT». After the plugin is enabled in the main Hexo config, you also need to enable these options in the NexT config:

leancloud_visitors:
  enable: true
  app_id: <your app id>
  app_key: <your app key>
  # Dependencies: https://github.com/theme-next/hexo-leancloud-counter-security
  security: true

You should set up the LeanCloud backend first to make the counter active.

After that, install this plugin and configure it to make the counter safe.

Console Command

hexo lc-counter register <username> <password>

or

hexo lc-counter r <username> <password>

Register a user in your Leancloud database for authority control.

TroubleShooting

fail to sync records to the leancloud database

To avoid the 429 error code (Too Many Requests) from LeanCloud, this plugin uses a local database to store the records that have been successfully synchronized to LeanCloud. Only records that are not in the local database are synchronized. This reduces the number of requests and so avoids the 429 error. The local database is a JSON file named leancloud.memo in <blog directory>/source. Deleting leancloud.memo will not cause other problems.

If you fail to sync records to LeanCloud and you are sure the plugin is causing the fault, you can delete leancloud.memo and deploy again with the following commands:

rm <blog directory>/source/leancloud.memo
hexo d
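
The memo mechanism described in this section, sketched as an added example (not the plugin's own code). The memo layout (a JSON array of `{ title, url }` objects), the function names and the `upload` callback are assumptions made for illustration.

```javascript
// Added example, not the plugin's code. Assumed memo layout: a JSON array of
// { title, url } objects, one per post already synchronized to LeanCloud.

// Parse the memo text; missing or corrupt content is treated as an empty memo,
// so deleting leancloud.memo only forces a full re-sync on the next deploy.
function parseMemo(text) {
  try {
    const data = JSON.parse(text);
    return Array.isArray(data) ? data.filter((r) => r && r.url) : [];
  } catch (err) {
    return [];
  }
}

// Posts whose url is not yet in the memo are the only ones that need a request.
function pendingRecords(posts, memo) {
  const synced = new Set(memo.map((r) => r.url));
  return posts.filter((p) => !synced.has(p.url));
}

// Send pending posts through `upload` (hypothetical stand-in for the LeanCloud
// request) and record only the successes, so failures are retried next deploy.
async function syncCounters(posts, memoText, upload) {
  const memo = parseMemo(memoText);
  const pending = pendingRecords(posts, memo);
  const failed = [];
  for (const post of pending) {
    try {
      await upload(post);
      memo.push({ title: post.title, url: post.url });
    } catch (err) {
      failed.push(post.url); // e.g. a 429 response from the server
    }
  }
  return { requests: pending.length, failed, memoText: JSON.stringify(memo) };
}

// Constructed sample data: three posts, one of them already in the memo.
const samplePosts = [
  { title: 'Hello', url: '/2018/01/hello/' },
  { title: 'Second', url: '/2018/02/second/' },
  { title: 'Third', url: '/2018/03/third/' },
];
const sampleMemo = JSON.stringify([{ title: 'Hello', url: '/2018/01/hello/' }]);
```

With the sample data, a deploy issues two requests instead of three, and a post whose upload fails stays out of the memo so the next deploy retries it.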