crowdforecastr: Eliciting crowd forecasts in R shiny

Fix LeanCloud Counter Plugin Security Vulnerability

Before you make the config, please upgrade your NexT version to v6.0.6 or greater.

Please note the difference between site config file and theme config file

Sign up to LeanCloud and create an app

Go to LeanCloud website leancloud.app and sign up to LeanCloud. Then login.
Click 1 to enter the console:

Then click 1 to create an app:

Type your app name in 1 in the pop up window(eg. "test"), then choose 2, which means developer's plan, and then click 3 to create the app:

Create Counter class and enable plugin in NexT

Click 1 (app name) to enter the app manage page:

then click 1 to create a class for counter:

Type Counter in the pop up window in 1, check 2, then click 3:

Click 1 to enter the app setting, then click 2:

Paste App ID and App Key to theme config file _config.yml like this: yml leancloud_visitors: enable: true app_id: # <your app id> app_key: # <your app key> # Required for apps from CN region server_url: # <your server url> # Dependencies: https://github.com/theme-next/hexo-leancloud-counter-security security: true
Set domain whitelist: Click 1, then type your domain into 2 (protocol, domain and port should be exactly the same):

Deploy web engine to avoid your data being changed illegally

Click 1 -> 2 -> 3 by order

Click 1:

In the pop up window, click 1 to choose type Hook, then choosebeforeUpdate in 2, choose Counter in 3. Paste code below into 4, then click 5 to save it: javascript var query = new AV.Query("Counter"); if (request.object.updatedKeys.includes('time')) { return query.get(request.object.id).then(function (obj) { if (obj.get("time") > request.object.get("time")) { throw new AV.Cloud.Error('Invalid update!'); } return request.object.save(); }); }

Click 1 to deploy after the message in the red rect shows up:

Click 1 in the pop up：

Click 1 to close the pop up window after the message in the red rect shows up:

Set access control for your database

Open theme config file _config.yml, set leancloud_visitors: security to true: yml leancloud_visitors: enable: true app_id: # <your app id> app_key: # <your app key> # Required for apps from CN region server_url: # <your server url> # Dependencies: https://github.com/theme-next/hexo-leancloud-counter-security security: true
Open cmd then switch to root path of site, type commands to install hexo-leancloud-counter-security plugin: npm install hexo-leancloud-counter-security
Open site config file _config.yml, add those config: yml leancloud_counter_security: enable_sync: true app_id: <your app id> app_key: <your app key> username: password:
Type command: hexo lc-counter register <username> <password> or hexo lc-counter r <username> <password>

Change <username> and <password> to your own username and password (no need to be the same as leancloud account). They will be used in the hexo deploying.

Open site config file _config.yml, change <username> and <password>to those you set above: yml leancloud_counter_security: enable_sync: true app_id: <your app id> app_key: <your app key> username: <your username> # will be asked while deploying if be left blank password: <your password> # recommend to leave it blank for security, will be asked while deploying if be left blank
Add the deployer in the deploy of site config file _config.yml: ```yml deploy:
- type: git repo: // your repo ...
- type: leancloud_counter_security_sync ```
Return to the LeanCloud console. Click 1 -> 2, check if there is a record added in the _User (the img below is using username "admin" for example):