hedgedoc/lib/web/note/util.js

const models = require('../../models')
const logger = require('../../logger')
const config = require('../../config')
const errors = require('../../errors')

exports.findNote = function (req, res, callback, include) {
  const id = req.params.noteId || req.params.shortid
  models.Note.parseNoteId(id, function (err, _id) {
    if (err) {
      logger.error(err)
      return errors.errorInternalError(res)
    }
    models.Note.findOne({
      where: {
        id: _id
      },
      include: include || null
    }).then(function (note) {
      if (!note) {
        return exports.newNote(req, res, null)
      }
      if (!exports.checkViewPermission(req, note)) {
        return errors.errorForbidden(res)
      } else {
        return callback(note)
      }
    }).catch(function (err) {
      logger.error(err)
      return errors.errorInternalError(res)
    })
  })
}

exports.checkViewPermission = function (req, note) {
  if (note.permission === 'private') {
    return !(!req.isAuthenticated() || note.ownerId !== req.user.id)
  } else if (note.permission === 'limited' || note.permission === 'protected') {
    return req.isAuthenticated()
  } else {
    return true
  }
}

exports.newNote = function (req, res, body) {
  let owner = null
  const noteId = req.params.noteId ? req.params.noteId : null
  if (req.isAuthenticated()) {
    owner = req.user.id
  } else if (!config.allowAnonymous) {
    return errors.errorForbidden(res)
  }
  if (config.allowFreeURL && noteId && !config.forbiddenNoteIDs.includes(noteId)) {
    req.alias = noteId
  } else if (noteId) {
    return req.method === 'POST' ? errors.errorForbidden(res) : errors.errorNotFound(res)
  }
  models.Note.create({
    ownerId: owner,
    alias: req.alias ? req.alias : null,
    content: body
  }).then(function (note) {
    return res.redirect(config.serverURL + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)))
  }).catch(function (err) {
    logger.error(err)
    return errors.errorInternalError(res)
  })
}
Move note actions to their own file. Because of circular import problems, this commit also moves the error messages from response.js to errors.js Signed-off-by: David Mehren <dmehren1@gmail.com> 2019-10-27 08:51:53 -04:00			`const models = require('../../models')`
			`const logger = require('../../logger')`
			`const config = require('../../config')`
			`const errors = require('../../errors')`

			`exports.findNote = function (req, res, callback, include) {`
			`const id = req.params.noteId \|\| req.params.shortid`
			`models.Note.parseNoteId(id, function (err, _id) {`
			`if (err) {`
			`logger.error(err)`
			`return errors.errorInternalError(res)`
			`}`
			`models.Note.findOne({`
			`where: {`
			`id: _id`
			`},`
			`include: include \|\| null`
			`}).then(function (note) {`
			`if (!note) {`
			`return exports.newNote(req, res, null)`
			`}`
			`if (!exports.checkViewPermission(req, note)) {`
			`return errors.errorForbidden(res)`
			`} else {`
			`return callback(note)`
			`}`
			`}).catch(function (err) {`
			`logger.error(err)`
			`return errors.errorInternalError(res)`
			`})`
			`})`
			`}`

			`exports.checkViewPermission = function (req, note) {`
			`if (note.permission === 'private') {`
			`return !(!req.isAuthenticated() \|\| note.ownerId !== req.user.id)`
			`} else if (note.permission === 'limited' \|\| note.permission === 'protected') {`
			`return req.isAuthenticated()`
			`} else {`
			`return true`
			`}`
			`}`

			`exports.newNote = function (req, res, body) {`
			`let owner = null`
			`const noteId = req.params.noteId ? req.params.noteId : null`
			`if (req.isAuthenticated()) {`
			`owner = req.user.id`
			`} else if (!config.allowAnonymous) {`
			`return errors.errorForbidden(res)`
			`}`
			`if (config.allowFreeURL && noteId && !config.forbiddenNoteIDs.includes(noteId)) {`
			`req.alias = noteId`
			`} else if (noteId) {`
			`return req.method === 'POST' ? errors.errorForbidden(res) : errors.errorNotFound(res)`
			`}`
			`models.Note.create({`
			`ownerId: owner,`
			`alias: req.alias ? req.alias : null,`
			`content: body`
			`}).then(function (note) {`
			`return res.redirect(config.serverURL + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)))`
			`}).catch(function (err) {`
			`logger.error(err)`
			`return errors.errorInternalError(res)`
			`})`
			`}`