A plugin to fix a serious security bug in leancloud visitor counter for NexT
Switch branches/tags
Nothing to show
Clone or download
LEAFERx Remerge for misoperate (#9)
* fix #6

* fix #6

* continue fixing #6
Latest commit 52a04b6 Oct 29, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
src Fix #6 (#8) Oct 29, 2018
.babelrc use babel to support node<8 Mar 15, 2018
.gitignore init Jan 26, 2018
.travis.yml Add travis Mar 16, 2018
LICENSE Update LICENSE Feb 11, 2018
README.md Add travis badge Mar 16, 2018
index.js Fix #6 (#8) Oct 29, 2018
package-lock.json fix vulnerabilities Oct 26, 2018
package.json Add travis badge Mar 16, 2018

README.md

hexo-leancloud-counter-security

travis-image hexo-image node-image npm-image mnt-image lic-image

A plugin to fix a serious security bug in leancloud visitor counter for NexT theme site and other site that integrated this function using a similar way.

Documentation how to set the counter up and running safely aviable in English or Chinese languages.

And you can also read full explanation of current problem here.

Installation

size-image dm-image dt-image

npm install hexo-leancloud-counter-security --save

Usage

Activate this plugin in hexo's _config.yml (which locates in the root dir of your blog) by filling those options:

leancloud_counter_security:
  enable_sync: true
  app_id: <<your app id>>
  app_key: <<your app key>>
  username: <<your username>> # Will be asked while deploying if is left blank
  password: <<your password>> # Recommmended to be left blank. Will be asked while deploying if is left blank

If leancloud_counter_security not specified (or commented), plugin will totally disabled.

NexT theme

This plugin integrated in «NexT» and after plugin enabled in main Hexo config, need to enable options in NexT config:

leancloud_visitors:
  enable: true
  app_id: <<your app id>>
  app_key: <<your app key>>
  # Dependencies: https://github.com/theme-next/hexo-leancloud-counter-security
  security: true
  betterPerformance: false

Explaination for betterPerformance: Because the Leancloud developer's plan has limits in requst thread amount and running time, counter number may be very slow to load in some times. If set betterPerformance to true, counter number will be displayed quickly by assuming the request is accepted normally.

You should build the Leancloud background first to make the counter active.

After that, install this plugin and config it to make the counter safe.

Console Command

hexo lc-counter register <<username>> <<password>>

or

hexo lc-counter r <<username>> <<password>>

Register a user in your Leancloud database for authority control.