hexo-leancloud-counter-security
Advanced tools
A plugin to fix a serious security bug in leancloud visitor counter for NexT.
A plugin to fix a serious security bug in leancloud visitor counter for NexT theme site and other site that integrated this function using a similar way.
Documentation how to set the counter up and running safely aviable in English or Chinese languages.
And you can also read full explanation of current problem here.
npm install hexo-leancloud-counter-security
Activate this plugin in hexo's _config.yml (which locates in the root dir of your blog) by filling those options:
leancloud_counter_security:
enable_sync: true
app_id: <<your app id>>
app_key: <<your app key>>
server_url: <<your server url>> # For CN region, optional
username: <<your username>> # Will be asked while deploying if is left blank
password: <<your password>> # Recommmended to be left blank. Will be asked while deploying if is left blank
If leancloud_counter_security not specified (or commented), plugin will totally disabled.
This plugin integrated in «NexT» and after plugin enabled in main Hexo config, need to enable options in NexT config:
leancloud_visitors:
enable: true
app_id: <<your app id>>
app_key: <<your app key>>
# Dependencies: https://github.com/theme-next/hexo-leancloud-counter-security
security: true
betterPerformance: false
Explaination for betterPerformance:
Because the Leancloud developer's plan has limits in requst thread amount and running time, counter number may be very slow to load in some times. If set betterPerformance to true, counter number will be displayed quickly by assuming the request is accepted normally.
You should build the Leancloud background first to make the counter active.
After that, install this plugin and config it to make the counter safe.
hexo lc-counter register <<username>> <<password>>
or
hexo lc-counter r <<username>> <<password>>
Register a user in your Leancloud database for authority control.
For purpose of avoiding the 429 error code (Too Many Request) from leancloud, this plugin use a local database to store the records which have been successfully synchronized to the leancloud. Only the records that are not in the local database will be synchronized. This feature reduces the request quantity to avoid 429 error. The local databases is a json file named leancloud.memo in <<blog directory>>/source. Delete the leancloud.memo will not cause other flaws.
If you failed to sync records to the leancloud and you are sure about the plugin causes the fault. You can delete the leancloud.memo and deploy again. The command is following.
rm <<blog directory>>/source/leancloud.memo
hexo d
FAQs
A plugin to fix a serious security bug in leancloud visitor counter for NexT.
The npm package hexo-leancloud-counter-security receives a total of 20 weekly downloads. As such, hexo-leancloud-counter-security popularity was classified as not popular.
We found that hexo-leancloud-counter-security demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 10 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A survey of 500 cybersecurity pros reveals high pay isn't enough—lack of growth and flexibility is driving attrition and risking organizational security.
Product
Socket, the leader in open source security, is now available on Google Cloud Marketplace for simplified procurement and enhanced protection against supply chain attacks.
Security News
Corepack will be phased out from future Node.js releases following a TSC vote.