2021-01-05 16:12:38 -05:00
|
|
|
/*
|
2021-01-06 15:36:07 -05:00
|
|
|
* SPDX-FileCopyrightText: 2021 The HedgeDoc developers (see AUTHORS file)
|
2021-01-05 16:12:38 -05:00
|
|
|
*
|
|
|
|
* SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
*/
|
|
|
|
|
2020-07-26 15:00:18 -04:00
|
|
|
import {
|
2021-02-20 10:11:51 -05:00
|
|
|
BadRequestException,
|
2020-07-26 15:00:18 -04:00
|
|
|
Body,
|
|
|
|
Controller,
|
|
|
|
Delete,
|
|
|
|
Get,
|
|
|
|
Header,
|
2021-01-09 16:38:10 -05:00
|
|
|
NotFoundException,
|
2020-07-26 15:00:18 -04:00
|
|
|
Param,
|
|
|
|
Post,
|
|
|
|
Put,
|
2021-02-23 15:20:01 -05:00
|
|
|
Req,
|
2021-02-16 03:33:42 -05:00
|
|
|
UnauthorizedException,
|
2021-01-15 12:53:09 -05:00
|
|
|
UseGuards,
|
2020-07-26 15:00:18 -04:00
|
|
|
} from '@nestjs/common';
|
2021-02-20 10:11:51 -05:00
|
|
|
import {
|
|
|
|
AlreadyInDBError,
|
2021-02-20 16:21:31 -05:00
|
|
|
ForbiddenIdError,
|
2021-02-20 10:11:51 -05:00
|
|
|
NotInDBError,
|
|
|
|
PermissionsUpdateInconsistentError,
|
|
|
|
} from '../../../errors/errors';
|
2020-09-27 15:48:42 -04:00
|
|
|
import { ConsoleLoggerService } from '../../../logger/console-logger.service';
|
2021-01-30 12:09:00 -05:00
|
|
|
import {
|
|
|
|
NotePermissionsDto,
|
|
|
|
NotePermissionsUpdateDto,
|
|
|
|
} from '../../../notes/note-permissions.dto';
|
2020-07-26 15:00:18 -04:00
|
|
|
import { NotesService } from '../../../notes/notes.service';
|
|
|
|
import { RevisionsService } from '../../../revisions/revisions.service';
|
2020-09-27 10:16:07 -04:00
|
|
|
import { MarkdownBody } from '../../utils/markdownbody-decorator';
|
2021-01-15 12:53:09 -05:00
|
|
|
import { TokenAuthGuard } from '../../../auth/token-auth.guard';
|
2021-02-04 07:44:08 -05:00
|
|
|
import { ApiSecurity, ApiTags } from '@nestjs/swagger';
|
2021-02-03 15:22:55 -05:00
|
|
|
import { HistoryService } from '../../../history/history.service';
|
2021-01-29 18:06:38 -05:00
|
|
|
import { NoteDto } from '../../../notes/note.dto';
|
|
|
|
import { NoteMetadataDto } from '../../../notes/note-metadata.dto';
|
|
|
|
import { RevisionMetadataDto } from '../../../revisions/revision-metadata.dto';
|
|
|
|
import { RevisionDto } from '../../../revisions/revision.dto';
|
2021-02-16 03:33:42 -05:00
|
|
|
import { PermissionsService } from '../../../permissions/permissions.service';
|
|
|
|
import { Note } from '../../../notes/note.entity';
|
2021-02-23 15:48:37 -05:00
|
|
|
import { Request } from 'express';
|
2020-07-25 14:13:06 -04:00
|
|
|
|
2021-02-04 07:44:08 -05:00
|
|
|
@ApiTags('notes')
|
2021-01-16 11:45:14 -05:00
|
|
|
@ApiSecurity('token')
|
2020-07-25 14:13:06 -04:00
|
|
|
@Controller('notes')
|
2020-07-26 15:00:18 -04:00
|
|
|
export class NotesController {
|
|
|
|
constructor(
|
2020-09-27 15:48:42 -04:00
|
|
|
private readonly logger: ConsoleLoggerService,
|
2020-07-26 15:00:18 -04:00
|
|
|
private noteService: NotesService,
|
|
|
|
private revisionsService: RevisionsService,
|
2021-02-16 03:33:42 -05:00
|
|
|
private permissionsService: PermissionsService,
|
2021-02-03 15:22:55 -05:00
|
|
|
private historyService: HistoryService,
|
2020-09-27 15:48:42 -04:00
|
|
|
) {
|
2020-10-03 09:53:30 -04:00
|
|
|
this.logger.setContext(NotesController.name);
|
2020-09-27 15:48:42 -04:00
|
|
|
}
|
2020-07-26 15:00:18 -04:00
|
|
|
|
2021-01-15 12:53:09 -05:00
|
|
|
@UseGuards(TokenAuthGuard)
|
2020-07-26 15:00:18 -04:00
|
|
|
@Post()
|
2021-01-30 12:09:00 -05:00
|
|
|
async createNote(
|
2021-02-23 15:48:37 -05:00
|
|
|
@Req() req: Request,
|
2021-01-30 12:09:00 -05:00
|
|
|
@MarkdownBody() text: string,
|
|
|
|
): Promise<NoteDto> {
|
2021-01-15 12:53:09 -05:00
|
|
|
// ToDo: provide user for createNoteDto
|
2021-02-16 03:33:42 -05:00
|
|
|
if (!this.permissionsService.mayCreate(req.user)) {
|
|
|
|
throw new UnauthorizedException('Creating note denied!');
|
|
|
|
}
|
|
|
|
this.logger.debug('Got raw markdown:\n' + text);
|
2021-02-20 14:14:36 -05:00
|
|
|
return await this.noteService.toNoteDto(
|
2021-01-30 12:09:00 -05:00
|
|
|
await this.noteService.createNote(text, undefined, req.user),
|
2021-01-29 18:06:38 -05:00
|
|
|
);
|
|
|
|
}
|
|
|
|
|
2021-02-03 15:22:55 -05:00
|
|
|
@UseGuards(TokenAuthGuard)
|
|
|
|
@Get(':noteIdOrAlias')
|
2021-02-16 03:33:42 -05:00
|
|
|
async getNote(
|
2021-02-23 15:48:37 -05:00
|
|
|
@Req() req: Request,
|
2021-02-16 03:33:42 -05:00
|
|
|
@Param('noteIdOrAlias') noteIdOrAlias: string,
|
|
|
|
): Promise<NoteDto> {
|
|
|
|
let note: Note;
|
2021-02-03 15:22:55 -05:00
|
|
|
try {
|
2021-02-16 03:33:42 -05:00
|
|
|
note = await this.noteService.getNoteByIdOrAlias(noteIdOrAlias);
|
2021-02-03 15:22:55 -05:00
|
|
|
} catch (e) {
|
|
|
|
if (e instanceof NotInDBError) {
|
|
|
|
throw new NotFoundException(e.message);
|
|
|
|
}
|
2021-02-20 16:21:31 -05:00
|
|
|
if (e instanceof ForbiddenIdError) {
|
|
|
|
throw new BadRequestException(e.message);
|
|
|
|
}
|
2021-02-03 15:22:55 -05:00
|
|
|
throw e;
|
|
|
|
}
|
2021-02-16 03:33:42 -05:00
|
|
|
if (!this.permissionsService.mayRead(req.user, note)) {
|
|
|
|
throw new UnauthorizedException('Reading note denied!');
|
|
|
|
}
|
|
|
|
await this.historyService.createOrUpdateHistoryEntry(note, req.user);
|
2021-02-20 14:14:36 -05:00
|
|
|
return await this.noteService.toNoteDto(note);
|
2021-02-03 15:22:55 -05:00
|
|
|
}
|
|
|
|
|
2021-01-29 18:06:38 -05:00
|
|
|
@UseGuards(TokenAuthGuard)
|
|
|
|
@Post(':noteAlias')
|
|
|
|
async createNamedNote(
|
2021-02-23 15:48:37 -05:00
|
|
|
@Req() req: Request,
|
2021-01-29 18:06:38 -05:00
|
|
|
@Param('noteAlias') noteAlias: string,
|
|
|
|
@MarkdownBody() text: string,
|
|
|
|
): Promise<NoteDto> {
|
2021-02-16 03:33:42 -05:00
|
|
|
if (!this.permissionsService.mayCreate(req.user)) {
|
|
|
|
throw new UnauthorizedException('Creating note denied!');
|
|
|
|
}
|
2021-02-05 16:30:22 -05:00
|
|
|
this.logger.debug('Got raw markdown:\n' + text, 'createNamedNote');
|
2021-02-20 10:11:51 -05:00
|
|
|
try {
|
2021-02-20 14:14:36 -05:00
|
|
|
return await this.noteService.toNoteDto(
|
2021-02-20 10:11:51 -05:00
|
|
|
await this.noteService.createNote(text, noteAlias, req.user),
|
|
|
|
);
|
|
|
|
} catch (e) {
|
|
|
|
if (e instanceof AlreadyInDBError) {
|
|
|
|
throw new BadRequestException(e.message);
|
|
|
|
}
|
2021-02-20 16:21:31 -05:00
|
|
|
if (e instanceof ForbiddenIdError) {
|
|
|
|
throw new BadRequestException(e.message);
|
|
|
|
}
|
2021-02-20 10:11:51 -05:00
|
|
|
throw e;
|
|
|
|
}
|
2020-07-26 15:00:18 -04:00
|
|
|
}
|
|
|
|
|
2021-01-15 12:53:09 -05:00
|
|
|
@UseGuards(TokenAuthGuard)
|
2020-07-26 15:00:18 -04:00
|
|
|
@Delete(':noteIdOrAlias')
|
2021-01-15 12:53:09 -05:00
|
|
|
async deleteNote(
|
2021-02-23 15:48:37 -05:00
|
|
|
@Req() req: Request,
|
2021-01-15 12:53:09 -05:00
|
|
|
@Param('noteIdOrAlias') noteIdOrAlias: string,
|
2021-01-29 18:06:38 -05:00
|
|
|
): Promise<void> {
|
2021-01-09 16:38:10 -05:00
|
|
|
try {
|
2021-02-17 07:15:26 -05:00
|
|
|
const note = await this.noteService.getNoteByIdOrAlias(noteIdOrAlias);
|
|
|
|
if (!this.permissionsService.isOwner(req.user, note)) {
|
|
|
|
throw new UnauthorizedException('Deleting note denied!');
|
|
|
|
}
|
|
|
|
this.logger.debug('Deleting note: ' + noteIdOrAlias, 'deleteNote');
|
2021-02-20 10:50:11 -05:00
|
|
|
await this.noteService.deleteNote(note);
|
2021-02-17 07:15:26 -05:00
|
|
|
this.logger.debug('Successfully deleted ' + noteIdOrAlias, 'deleteNote');
|
|
|
|
return;
|
2021-01-09 16:38:10 -05:00
|
|
|
} catch (e) {
|
|
|
|
if (e instanceof NotInDBError) {
|
|
|
|
throw new NotFoundException(e.message);
|
|
|
|
}
|
2021-02-20 16:21:31 -05:00
|
|
|
if (e instanceof ForbiddenIdError) {
|
|
|
|
throw new BadRequestException(e.message);
|
|
|
|
}
|
2021-01-09 16:38:10 -05:00
|
|
|
throw e;
|
|
|
|
}
|
2020-07-26 15:00:18 -04:00
|
|
|
}
|
|
|
|
|
2021-01-15 12:53:09 -05:00
|
|
|
@UseGuards(TokenAuthGuard)
|
2020-07-26 15:00:18 -04:00
|
|
|
@Put(':noteIdOrAlias')
|
2020-09-22 14:06:56 -04:00
|
|
|
async updateNote(
|
2021-02-23 15:48:37 -05:00
|
|
|
@Req() req: Request,
|
2020-07-26 15:00:18 -04:00
|
|
|
@Param('noteIdOrAlias') noteIdOrAlias: string,
|
2020-09-27 10:16:07 -04:00
|
|
|
@MarkdownBody() text: string,
|
2021-01-30 12:09:00 -05:00
|
|
|
): Promise<NoteDto> {
|
2021-01-09 16:38:10 -05:00
|
|
|
try {
|
2021-02-17 07:15:26 -05:00
|
|
|
const note = await this.noteService.getNoteByIdOrAlias(noteIdOrAlias);
|
|
|
|
if (!this.permissionsService.mayWrite(req.user, note)) {
|
|
|
|
throw new UnauthorizedException('Updating note denied!');
|
|
|
|
}
|
|
|
|
this.logger.debug('Got raw markdown:\n' + text, 'updateNote');
|
2021-02-20 14:14:36 -05:00
|
|
|
return await this.noteService.toNoteDto(
|
2021-02-20 10:50:11 -05:00
|
|
|
await this.noteService.updateNote(note, text),
|
2021-01-29 18:06:38 -05:00
|
|
|
);
|
2021-01-09 16:38:10 -05:00
|
|
|
} catch (e) {
|
|
|
|
if (e instanceof NotInDBError) {
|
|
|
|
throw new NotFoundException(e.message);
|
|
|
|
}
|
2021-02-20 16:21:31 -05:00
|
|
|
if (e instanceof ForbiddenIdError) {
|
|
|
|
throw new BadRequestException(e.message);
|
|
|
|
}
|
2021-01-09 16:38:10 -05:00
|
|
|
throw e;
|
|
|
|
}
|
2020-07-26 15:00:18 -04:00
|
|
|
}
|
|
|
|
|
2021-01-15 12:53:09 -05:00
|
|
|
@UseGuards(TokenAuthGuard)
|
2020-07-26 15:00:18 -04:00
|
|
|
@Get(':noteIdOrAlias/content')
|
|
|
|
@Header('content-type', 'text/markdown')
|
2021-01-15 12:53:09 -05:00
|
|
|
async getNoteContent(
|
2021-02-23 15:48:37 -05:00
|
|
|
@Req() req: Request,
|
2021-01-15 12:53:09 -05:00
|
|
|
@Param('noteIdOrAlias') noteIdOrAlias: string,
|
2021-01-30 12:09:00 -05:00
|
|
|
): Promise<string> {
|
2021-01-09 16:38:10 -05:00
|
|
|
try {
|
2021-02-17 07:15:26 -05:00
|
|
|
const note = await this.noteService.getNoteByIdOrAlias(noteIdOrAlias);
|
|
|
|
if (!this.permissionsService.mayRead(req.user, note)) {
|
|
|
|
throw new UnauthorizedException('Reading note denied!');
|
|
|
|
}
|
2021-02-22 16:34:18 -05:00
|
|
|
return await this.noteService.getNoteContent(note);
|
2021-01-09 16:38:10 -05:00
|
|
|
} catch (e) {
|
|
|
|
if (e instanceof NotInDBError) {
|
|
|
|
throw new NotFoundException(e.message);
|
|
|
|
}
|
2021-02-20 16:21:31 -05:00
|
|
|
if (e instanceof ForbiddenIdError) {
|
|
|
|
throw new BadRequestException(e.message);
|
|
|
|
}
|
2021-01-09 16:38:10 -05:00
|
|
|
throw e;
|
|
|
|
}
|
2020-07-26 15:00:18 -04:00
|
|
|
}
|
|
|
|
|
2021-01-15 12:53:09 -05:00
|
|
|
@UseGuards(TokenAuthGuard)
|
2020-07-26 15:00:18 -04:00
|
|
|
@Get(':noteIdOrAlias/metadata')
|
2021-01-15 12:53:09 -05:00
|
|
|
async getNoteMetadata(
|
2021-02-23 15:48:37 -05:00
|
|
|
@Req() req: Request,
|
2021-01-15 12:53:09 -05:00
|
|
|
@Param('noteIdOrAlias') noteIdOrAlias: string,
|
2021-01-30 12:09:00 -05:00
|
|
|
): Promise<NoteMetadataDto> {
|
2021-01-09 16:38:10 -05:00
|
|
|
try {
|
2021-02-17 07:15:26 -05:00
|
|
|
const note = await this.noteService.getNoteByIdOrAlias(noteIdOrAlias);
|
|
|
|
if (!this.permissionsService.mayRead(req.user, note)) {
|
|
|
|
throw new UnauthorizedException('Reading note denied!');
|
|
|
|
}
|
2021-02-20 14:14:36 -05:00
|
|
|
return await this.noteService.toNoteMetadataDto(note);
|
2021-01-09 16:38:10 -05:00
|
|
|
} catch (e) {
|
|
|
|
if (e instanceof NotInDBError) {
|
|
|
|
throw new NotFoundException(e.message);
|
|
|
|
}
|
2021-02-20 10:11:51 -05:00
|
|
|
if (e instanceof PermissionsUpdateInconsistentError) {
|
|
|
|
throw new BadRequestException(e.message);
|
|
|
|
}
|
2021-02-20 16:21:31 -05:00
|
|
|
if (e instanceof ForbiddenIdError) {
|
|
|
|
throw new BadRequestException(e.message);
|
|
|
|
}
|
2021-01-09 16:38:10 -05:00
|
|
|
throw e;
|
|
|
|
}
|
2020-07-26 15:00:18 -04:00
|
|
|
}
|
|
|
|
|
2021-01-15 12:53:09 -05:00
|
|
|
@UseGuards(TokenAuthGuard)
|
2021-01-10 14:25:28 -05:00
|
|
|
@Put(':noteIdOrAlias/metadata/permissions')
|
2021-01-09 16:38:10 -05:00
|
|
|
async updateNotePermissions(
|
2021-02-23 15:48:37 -05:00
|
|
|
@Req() req: Request,
|
2020-07-26 15:00:18 -04:00
|
|
|
@Param('noteIdOrAlias') noteIdOrAlias: string,
|
|
|
|
@Body() updateDto: NotePermissionsUpdateDto,
|
2021-01-30 12:09:00 -05:00
|
|
|
): Promise<NotePermissionsDto> {
|
2021-01-09 16:38:10 -05:00
|
|
|
try {
|
2021-02-17 07:15:26 -05:00
|
|
|
const note = await this.noteService.getNoteByIdOrAlias(noteIdOrAlias);
|
|
|
|
if (!this.permissionsService.isOwner(req.user, note)) {
|
|
|
|
throw new UnauthorizedException('Updating note denied!');
|
|
|
|
}
|
2021-02-24 15:17:05 -05:00
|
|
|
return this.noteService.toNotePermissionsDto(
|
2021-02-24 16:33:47 -05:00
|
|
|
await this.noteService.updateNotePermissions(note, updateDto),
|
2021-01-09 16:38:10 -05:00
|
|
|
);
|
|
|
|
} catch (e) {
|
|
|
|
if (e instanceof NotInDBError) {
|
|
|
|
throw new NotFoundException(e.message);
|
|
|
|
}
|
2021-02-20 16:21:31 -05:00
|
|
|
if (e instanceof ForbiddenIdError) {
|
|
|
|
throw new BadRequestException(e.message);
|
|
|
|
}
|
2021-01-09 16:38:10 -05:00
|
|
|
throw e;
|
|
|
|
}
|
2020-07-26 15:00:18 -04:00
|
|
|
}
|
|
|
|
|
2021-01-15 12:53:09 -05:00
|
|
|
@UseGuards(TokenAuthGuard)
|
2020-07-26 15:00:18 -04:00
|
|
|
@Get(':noteIdOrAlias/revisions')
|
2021-01-15 12:53:09 -05:00
|
|
|
async getNoteRevisions(
|
2021-02-23 15:48:37 -05:00
|
|
|
@Req() req: Request,
|
2021-01-15 12:53:09 -05:00
|
|
|
@Param('noteIdOrAlias') noteIdOrAlias: string,
|
2021-01-30 12:09:00 -05:00
|
|
|
): Promise<RevisionMetadataDto[]> {
|
2021-01-09 16:38:10 -05:00
|
|
|
try {
|
2021-02-17 07:15:26 -05:00
|
|
|
const note = await this.noteService.getNoteByIdOrAlias(noteIdOrAlias);
|
|
|
|
if (!this.permissionsService.mayRead(req.user, note)) {
|
|
|
|
throw new UnauthorizedException('Reading note denied!');
|
|
|
|
}
|
2021-02-20 10:50:11 -05:00
|
|
|
const revisions = await this.revisionsService.getAllRevisions(note);
|
2021-02-20 14:14:36 -05:00
|
|
|
return await Promise.all(
|
2021-01-30 12:09:00 -05:00
|
|
|
revisions.map((revision) =>
|
|
|
|
this.revisionsService.toRevisionMetadataDto(revision),
|
|
|
|
),
|
2021-01-29 18:06:38 -05:00
|
|
|
);
|
2021-01-09 16:38:10 -05:00
|
|
|
} catch (e) {
|
|
|
|
if (e instanceof NotInDBError) {
|
|
|
|
throw new NotFoundException(e.message);
|
|
|
|
}
|
2021-02-20 16:21:31 -05:00
|
|
|
if (e instanceof ForbiddenIdError) {
|
|
|
|
throw new BadRequestException(e.message);
|
|
|
|
}
|
2021-01-09 16:38:10 -05:00
|
|
|
throw e;
|
|
|
|
}
|
2020-07-26 15:00:18 -04:00
|
|
|
}
|
|
|
|
|
2021-01-15 12:53:09 -05:00
|
|
|
@UseGuards(TokenAuthGuard)
|
2020-07-26 15:00:18 -04:00
|
|
|
@Get(':noteIdOrAlias/revisions/:revisionId')
|
2021-01-09 16:38:10 -05:00
|
|
|
async getNoteRevision(
|
2021-02-23 15:48:37 -05:00
|
|
|
@Req() req: Request,
|
2020-07-26 15:00:18 -04:00
|
|
|
@Param('noteIdOrAlias') noteIdOrAlias: string,
|
2020-09-22 15:08:14 -04:00
|
|
|
@Param('revisionId') revisionId: number,
|
2021-01-30 12:09:00 -05:00
|
|
|
): Promise<RevisionDto> {
|
2021-01-09 16:38:10 -05:00
|
|
|
try {
|
2021-02-17 07:15:26 -05:00
|
|
|
const note = await this.noteService.getNoteByIdOrAlias(noteIdOrAlias);
|
|
|
|
if (!this.permissionsService.mayRead(req.user, note)) {
|
|
|
|
throw new UnauthorizedException('Reading note denied!');
|
|
|
|
}
|
2021-01-29 18:06:38 -05:00
|
|
|
return this.revisionsService.toRevisionDto(
|
2021-02-20 10:50:11 -05:00
|
|
|
await this.revisionsService.getRevision(note, revisionId),
|
2021-01-09 16:38:10 -05:00
|
|
|
);
|
|
|
|
} catch (e) {
|
|
|
|
if (e instanceof NotInDBError) {
|
|
|
|
throw new NotFoundException(e.message);
|
|
|
|
}
|
2021-02-20 16:21:31 -05:00
|
|
|
if (e instanceof ForbiddenIdError) {
|
|
|
|
throw new BadRequestException(e.message);
|
|
|
|
}
|
2021-01-09 16:38:10 -05:00
|
|
|
throw e;
|
|
|
|
}
|
2020-07-26 15:00:18 -04:00
|
|
|
}
|
|
|
|
}
|