search

walinejs / waline

💬 A Simple, Safe Comment System
https://waline.js.org/en/
GNU General Public License v2.0
2.2k stars 382 forks source link

[Bug] [独立部署 直接运行] [SQLite数据库] : 未配置LeanCloud相关的环境变量时, 程序运行报错 || [Bug] [Independent deployment, direct operation] [SQLite database]: When the environment variables related to LeanCloud are not configured, the program will report an error when running. #2501

Closed pygyme closed 4 months ago

pygyme commented 4 months ago

问题描述 | Describe the bug

根据官方文档独立部署一节, 采用直接运行的方式部署服务, 其中使用了SQLite数据库。

通过查找Issue, 发现是跟 Issue 10 一样的问题。

目前对LeanCloud相关环境变量设置了一个无效的值, 采用这种方式进行绕过, 设置之后程序可以正常运行。

export LEAN_ID=abcd
export LEAN_KEY=abcd
export LEAN_SERVER=abcd

开发者如果有空的话, 麻烦处理一下。

Problem description | Describe the bug

According to the independent deployment section of the official documentation, the service is deployed by direct operation, using the SQLite database.

By searching for the Issue, I found that it is the same problem as Issue 10.

Currently, an invalid value is set for LeanCloud related environment variables. This method is used to bypass it. After setting, the program can run normally.

export LEAN_ID=abcd
export LEAN_KEY=abcd
export LEAN_SERVER=abcd

If the developer is free, please take care of it.

lizheming commented 4 months ago

可以提供下具体的配置和错误信息看一下,你引用的 issue 已经是 4 年前的问题了,很早就已经被修复了。如果还有类似的问题,可能需要具体再看一下。

另外如果你配置了 LEAN_KEY 之类的字段的话,应该是会优先使用 LeanCloud 存储服务的,不应该 SQLite 还能正常使用,所以理论上你应该是没有配置生效的。https://github.com/walinejs/waline/blob/main/packages/server/src/config/config.js#L55-L80

Can you provide the specific configuration and error information? The issue you cited was already 4 years ago and has been fixed a long time ago. If you still have similar questions, you may need to take a closer look.

In addition, if you configure fields such as LEAN_KEY, the LeanCloud storage service should be used first. SQLite should not be able to be used normally, so in theory, your configuration should not take effect. https://github.com/walinejs/waline/blob/main/packages/server/src/config/config.js#L55-L80

pygyme commented 4 months ago
  1. 安装项目, 系统是 Ubuntu 22.04 
    
root@ubunut22:~/waline# apt-get install nodejs npm sqlite3
root@ubunut22:~/waline# npm config set registry=https://registry.npmjs.org

root@ubunut22:~/waline# mkdir -p /root/waline && cd /root/waline root@ubunut22:~/waline# wget https://github.com/walinejs/waline/blob/main/assets/waline.sqlite root@ubunut22:~/waline# npm install @waline/vercel --save added 568 packages, and audited 569 packages in 1m

39 packages are looking for funding run npm fund for details

35 vulnerabilities (32 moderate, 3 high)

To address all issues, run: npm audit fix

Run npm audit for details. root@ubunut22:~/waline# npm list waline@ /root/waline └── @waline/vercel@1.31.13

root@ubunut22:~/waline#


2. 卧槽, 35个漏洞,这不得根据提示处理一下?

root@ubunut22:~/waline# npm audit fix root@ubunut22:~/waline# npm audit fix --force root@ubunut22:~/waline# npm list waline@ /root/waline └── @waline/vercel@0.7.2

root@ubunut22:~/waline#

处理完成,发现版本降级到了 0.7.2, 根据提示,还是有漏洞,这他喵的修了跟没修一个样。 所以这些前端库的提示到底是干啥的? 算了, 凑合用吧,又不是不能跑!

3. 运行项目

root@ubunut22:~/waline# npm list waline@ /root/waline └── @waline/vercel@0.7.2 root@ubunut22:~/waline# export SQLITE_PATH=/root/waline root@ubunut22:~/waline# node node_modules/@waline/vercel/vanilla.js [2024-05-13T16:29:01.275] [1358] [INFO] - Server running at http://127.0.0.1:8360 [2024-05-13T16:29:01.282] [1358] [INFO] - ThinkJS version: 3.2.15 [2024-05-13T16:29:01.282] [1358] [INFO] - Environment: production [2024-05-13T16:29:01.282] [1358] [INFO] - Workers: 1 TypeError: appId must be a string at Object.init (/root/waline/node_modules/leancloud-storage/dist/node/init.js:100:21) at Object. (/root/waline/node_modules/@waline/vercel/src/service/storage/leancloud.js:5:4) at Module._compile (internal/modules/cjs/loader.js:999:30) at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10) at Module.load (internal/modules/cjs/loader.js:863:32) at Function.Module._load (internal/modules/cjs/loader.js:708:14) at Module.require (internal/modules/cjs/loader.js:887:19) at require (internal/modules/cjs/helpers.js:74:18) at exports.interopRequire (/root/waline/node_modules/think-loader/loader/util.js:17:13) at /root/waline/node_modules/think-loader/loader/common.js:16:26 ^C root@ubunut22:~/waline# node node_modules/@waline/vercel/vanilla.js [2024-05-13T16:29:27.383] [1372] [INFO] - Server running at http://127.0.0.1:8360 [2024-05-13T16:29:27.396] [1372] [INFO] - ThinkJS version: 3.2.15 [2024-05-13T16:29:27.396] [1372] [INFO] - Environment: production [2024-05-13T16:29:27.396] [1372] [INFO] - Workers: 1 TypeError: appId must be a string at Object.init (/root/waline/node_modules/leancloud-storage/dist/node/init.js:100:21) at Object. (/root/waline/node_modules/@waline/vercel/src/service/storage/leancloud.js:5:4) at Module._compile (internal/modules/cjs/loader.js:999:30) at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10) at Module.load (internal/modules/cjs/loader.js:863:32) at Function.Module._load (internal/modules/cjs/loader.js:708:14) at Module.require (internal/modules/cjs/loader.js:887:19) at require (internal/modules/cjs/helpers.js:74:18) at exports.interopRequire (/root/waline/node_modules/think-loader/loader/util.js:17:13) at /root/waline/node_modules/think-loader/loader/common.js:16:26 ^C root@ubunut22:~/waline#



4.  不好意思, 我也是刚刚尝试重现bug,才发现VPS用的是 0.7.2, 默认安装不像上面那样修复漏洞,应该装的是 1.31.13 版本
pygyme commented 4 months ago

使用 0.7.2 版本的时候, 使用最上面那种方式,绕过之后,程序可以正常运行。

既然发现0.7.2 不是最新版, 那就干掉 0.7.2 , 用最新版试试。

root@ubunut22:~/waline# rm -rf node_modules/
root@ubunut22:~/waline# rm -f package*
root@ubunut22:~/waline# npm install @waline/vercel --save
root@ubunut22:~/waline# npm list
waline@ /root/waline
└── @waline/vercel@1.31.13

root@ubunut22:~/waline# node node_modules/@waline/vercel/vanilla.js
internal/modules/cjs/loader.js:818
  throw err;
  ^

Error: Cannot find module 'node:path'
Require stack:
- /root/waline/node_modules/@waline/vercel/vanilla.js
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:815:15)
    at Function.Module._load (internal/modules/cjs/loader.js:667:27)
    at Module.require (internal/modules/cjs/loader.js:887:19)
    at require (internal/modules/cjs/helpers.js:74:18)
    at Object.<anonymous> (/root/waline/node_modules/@waline/vercel/vanilla.js:1:14)
    at Module._compile (internal/modules/cjs/loader.js:999:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10)
    at Module.load (internal/modules/cjs/loader.js:863:32)
    at Function.Module._load (internal/modules/cjs/loader.js:708:14)
    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:60:12) {
  code: 'MODULE_NOT_FOUND',
  requireStack: [ '/root/waline/node_modules/@waline/vercel/vanilla.js' ]
}
root@ubunut22:~/waline# node -v
v12.22.9
root@ubunut22:~/waline# npm -v
8.5.1
root@ubunut22:~/waline# cat /etc/os-release 
PRETTY_NAME="Ubuntu 22.04.4 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.4 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
root@ubunut22:~/waline#

@lizheming

When using version 0.7.2, use the above method. After bypassing, the program can run normally.

Since you find that 0.7.2 is not the latest version, kill 0.7.2 and try with the latest version.

root@ubunut22:~/waline# rm -rf node_modules/
root@ubunut22:~/waline# rm -f package*
root@ubunut22:~/waline# npm install @waline/vercel --save
root@ubunut22:~/waline# npm list
waline@ /root/waline
└── @waline/vercel@1.31.13

root@ubunut22:~/waline# node node_modules/@waline/vercel/vanilla.js
internal/modules/cjs/loader.js:818
  throw err;
  ^

Error: Cannot find module 'node:path'
Require stack:
- /root/waline/node_modules/@waline/vercel/vanilla.js
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:815:15)
    at Function.Module._load (internal/modules/cjs/loader.js:667:27)
    at Module.require (internal/modules/cjs/loader.js:887:19)
    at require (internal/modules/cjs/helpers.js:74:18)
    at Object.<anonymous> (/root/waline/node_modules/@waline/vercel/vanilla.js:1:14)
    at Module._compile (internal/modules/cjs/loader.js:999:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10)
    at Module.load (internal/modules/cjs/loader.js:863:32)
    at Function.Module._load (internal/modules/cjs/loader.js:708:14)
    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:60:12) {
  code: 'MODULE_NOT_FOUND',
  requireStack: [ '/root/waline/node_modules/@waline/vercel/vanilla.js' ]
}
root@ubunut22:~/waline# node -v
v12.22.9
root@ubunut22:~/waline# npm -v
8.5.1
root@ubunut22:~/waline# cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.4 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.4 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
root@ubunut22:~/waline#

@lizheming

lizheming commented 4 months ago
  1. 如果是用的 0.7.2 那确实可能会有之前的问题,这个版本是3年前的版本了,确实有点古早
  2. 漏洞处理比较复杂,涉及各种依赖,之前我看过一下,大部分还好,可以先不处理
  3. 报错是因为新版本需要 node >= 16 才可以哈,https://github.com/walinejs/waline/blob/main/packages/server/package.json#L56-L58 你在安装依赖的时候应该有提示信息的。node 12 已经是前年开始不维护的版本了,如果比较关心安全方面的话,建议升级。
  4. 如果觉得折腾环境比较麻烦的话,建议直接使用 Docker 部署,会更方便点。
  5. If you are using 0.7.2, you may have previous problems. This version is from 3 years ago, which is indeed a bit old.
  6. Vulnerability processing is relatively complex and involves various dependencies. I have looked at it before and most of them are fine. You can leave it alone.
  7. The error is reported because the new version requires node >= 16, https://github.com/walinejs/waline/blob/main/packages/server/package.json#L56-L58 You should install dependencies when There is a prompt message. Node 12 is already an unmaintained version since the year before last. If you are more concerned about security, it is recommended to upgrade.
  8. If you find it troublesome to mess with the environment, it is recommended to use Docker deployment directly, which will be more convenient.