hedgedoc/old_src/lib/web/note/util.ts

import { Request, Response } from 'express'
import fs from 'fs'

import path from 'path'
import { config } from '../../config'
import { errors } from '../../errors'
import { logger } from '../../logger'
import { Note } from '../../models'
import { PhotoProfile } from '../../utils/PhotoProfile'

export function newNote (req, res: Response, body: string | null): void {
  let owner = null
  const noteId = req.params.noteId ? req.params.noteId : null
  if (req.isAuthenticated()) {
    owner = req.user.id
  } else if (!config.allowAnonymous) {
    return errors.errorForbidden(res)
  }
  if (config.allowFreeURL && noteId && !config.forbiddenNoteIDs.includes(noteId)) {
    req.alias = noteId
  } else if (noteId) {
    return req.method === 'POST' ? errors.errorForbidden(res) : errors.errorNotFound(res)
  }
  Note.create({
    ownerId: owner,
    alias: req.alias ? req.alias : null,
    content: body
  }).then(function (note) {
    return res.redirect(config.serverURL + '/' + (note.alias ? note.alias : Note.encodeNoteId(note.id)))
  }).catch(function (err) {
    logger.error(err)
    return errors.errorInternalError(res)
  })
}

export enum Permission {
    None,
    Read,
    Write,
    Owner
}

interface NoteObject {
  ownerId?: string;
  permission: string;
}

export function getPermission (user, note: NoteObject): Permission {
  // There are two possible User objects we get passed. One is from socket.io
  // and the other is from passport directly. The former sets the logged_in
  // parameter to either true or false, whereas for the latter, the logged_in
  // parameter is always undefined, and the existence of user itself means the
  // user is logged in.
  if (!user || user.logged_in === false) {
    // Anonymous
    switch (note.permission) {
      case 'freely':
        return Permission.Write
      case 'editable':
      case 'locked':
        return Permission.Read
      default:
        return Permission.None
    }
  } else if (note.ownerId === user.id) {
    // Owner
    return Permission.Owner
  } else {
    // Registered user
    switch (note.permission) {
      case 'editable':
      case 'limited':
      case 'freely':
        return Permission.Write
      case 'locked':
      case 'protected':
        return Permission.Read
      default:
        return Permission.None
    }
  }
}

export function findNoteOrCreate (req: Request, res: Response, callback: (note: Note) => void): void {
  const id = req.params.noteId || req.params.shortid
  Note.parseNoteId(id, function (err, _id) {
    if (err) {
      logger.error(err)
      return errors.errorInternalError(res)
    }
    Note.findOne({
      where: {
        id: _id
      }
    }).then(function (note) {
      if (!note) {
        return newNote(req, res, '')
      }
      if (getPermission(req.user, note) === Permission.None) {
        return errors.errorForbidden(res)
      } else {
        return callback(note)
      }
    }).catch(function (err) {
      logger.error(err)
      return errors.errorInternalError(res)
    })
  })
}

function isRevealTheme (theme: string): string | undefined {
  if (fs.existsSync(path.join(__dirname, '..', '..', '..', '..', 'public', 'build', 'reveal.js', 'css', 'theme', theme + '.css'))) {
    return theme
  }
  return undefined
}

export function getPublishData (req: Request, res: Response, note, callback: (data) => void): void {
  const body = note.content
  const extracted = Note.extractMeta(body)
  const markdown = extracted.markdown
  const meta = Note.parseMeta(extracted.meta)
  const createtime = note.createdAt
  const updatetime = note.lastchangeAt
  let title = Note.decodeTitle(note.title)
  title = Note.generateWebTitle(meta.title || title)
  const ogdata = Note.parseOpengraph(meta, title)
  const data = {
    title: title,
    description: meta.description || (markdown ? Note.generateDescription(markdown) : null),
    viewcount: note.viewcount,
    createtime: createtime,
    updatetime: updatetime,
    body: markdown,
    theme: meta.slideOptions && isRevealTheme(meta.slideOptions.theme),
    meta: JSON.stringify(extracted.meta),
    owner: note.owner ? note.owner.id : null,
    ownerprofile: note.owner ? PhotoProfile.fromUser(note.owner) : null,
    lastchangeuser: note.lastchangeuser ? note.lastchangeuser.id : null,
    lastchangeuserprofile: note.lastchangeuser ? PhotoProfile.fromUser(note.lastchangeuser) : null,
    robots: meta.robots || false, // default allow robots
    GA: meta.GA,
    disqus: meta.disqus,
    cspNonce: res.locals.nonce,
    dnt: req.headers.dnt,
    opengraph: ogdata
  }
  callback(data)
}
Types and lint fixes in lib/web/note Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-05-24 12:10:37 -04:00			`import { Request, Response } from 'express'`
ESLint fixes for Notes Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-04-25 14:58:38 -04:00			`import fs from 'fs'`
Convert first files to TypeScript Signed-off-by: David Mehren <dmehren1@gmail.com> 2019-11-23 15:34:31 -05:00
Use import syntax for logger and config Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-04-12 07:11:06 -04:00			`import path from 'path'`
			`import { config } from '../../config'`
ESLint fixes for Notes Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-04-25 14:58:38 -04:00			`import { errors } from '../../errors'`
Use import syntax for logger and config Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-04-12 07:11:06 -04:00			`import { logger } from '../../logger'`
Move ProviderEnum and PassportProfile to web/auth/utils.ts These two are directly related with auth stuff and seem to fit much better there. Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-06-06 13:59:53 -04:00			`import { Note } from '../../models'`
Separate User and PhotoProfile classes into their own files Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-06-12 16:10:57 -04:00			`import { PhotoProfile } from '../../utils/PhotoProfile'`
Convert first files to TypeScript Signed-off-by: David Mehren <dmehren1@gmail.com> 2019-11-23 15:34:31 -05:00
Types and lint fixes in lib/web/note Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-05-24 12:10:37 -04:00			`export function newNote (req, res: Response, body: string \| null): void {`
More ESLint fixes Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-05-09 06:49:28 -04:00			`let owner = null`
			`const noteId = req.params.noteId ? req.params.noteId : null`
			`if (req.isAuthenticated()) {`
			`owner = req.user.id`
			`} else if (!config.allowAnonymous) {`
			`return errors.errorForbidden(res)`
			`}`
			`if (config.allowFreeURL && noteId && !config.forbiddenNoteIDs.includes(noteId)) {`
			`req.alias = noteId`
			`} else if (noteId) {`
			`return req.method === 'POST' ? errors.errorForbidden(res) : errors.errorNotFound(res)`
			`}`
			`Note.create({`
			`ownerId: owner,`
			`alias: req.alias ? req.alias : null,`
			`content: body`
			`}).then(function (note) {`
			`return res.redirect(config.serverURL + '/' + (note.alias ? note.alias : Note.encodeNoteId(note.id)))`
			`}).catch(function (err) {`
			`logger.error(err)`
			`return errors.errorInternalError(res)`
			`})`
			`}`

Centralize permission checking This makes it more convenient to modify the permission model, both for future modifications and for custom installations. This changes the `owner` property of NoteSession to `ownerId`, which is a more accurate description anyway. Signed-off-by: Dexter Chua <dec41@srcf.net> 2020-06-23 06:43:24 -04:00			`export enum Permission {`
			`None,`
			`Read,`
			`Write,`
			`Owner`
			`}`

			`interface NoteObject {`
			`ownerId?: string;`
			`permission: string;`
			`}`

			`export function getPermission (user, note: NoteObject): Permission {`
			`// There are two possible User objects we get passed. One is from socket.io`
			`// and the other is from passport directly. The former sets the logged_in`
			`// parameter to either true or false, whereas for the latter, the logged_in`
			`// parameter is always undefined, and the existence of user itself means the`
			`// user is logged in.`
			`if (!user \|\| user.logged_in === false) {`
			`// Anonymous`
			`switch (note.permission) {`
			`case 'freely':`
			`return Permission.Write`
			`case 'editable':`
			`case 'locked':`
			`return Permission.Read`
			`default:`
			`return Permission.None`
			`}`
			`} else if (note.ownerId === user.id) {`
			`// Owner`
			`return Permission.Owner`
More ESLint fixes Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-05-09 06:49:28 -04:00			`} else {`
Centralize permission checking This makes it more convenient to modify the permission model, both for future modifications and for custom installations. This changes the `owner` property of NoteSession to `ownerId`, which is a more accurate description anyway. Signed-off-by: Dexter Chua <dec41@srcf.net> 2020-06-23 06:43:24 -04:00			`// Registered user`
			`switch (note.permission) {`
			`case 'editable':`
			`case 'limited':`
			`case 'freely':`
			`return Permission.Write`
			`case 'locked':`
			`case 'protected':`
			`return Permission.Read`
			`default:`
			`return Permission.None`
			`}`
More ESLint fixes Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-05-09 06:49:28 -04:00			`}`
			`}`

Types and lint fixes in lib/web/note Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-05-24 12:10:37 -04:00			`export function findNoteOrCreate (req: Request, res: Response, callback: (note: Note) => void): void {`
ESLint fixes for Notes Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-04-25 14:58:38 -04:00			`const id = req.params.noteId \|\| req.params.shortid`
			`Note.parseNoteId(id, function (err, _id) {`
			`if (err) {`
			`logger.error(err)`
			`return errors.errorInternalError(res)`
Convert first files to TypeScript Signed-off-by: David Mehren <dmehren1@gmail.com> 2019-11-23 15:34:31 -05:00			`}`
ESLint fixes for Notes Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-04-25 14:58:38 -04:00			`Note.findOne({`
			`where: {`
			`id: _id`
			`}`
Convert first files to TypeScript Signed-off-by: David Mehren <dmehren1@gmail.com> 2019-11-23 15:34:31 -05:00			`}).then(function (note) {`
ESLint fixes for Notes Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-04-25 14:58:38 -04:00			`if (!note) {`
Run eslint --fix on lib/ Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-05-09 09:01:03 -04:00			`return newNote(req, res, '')`
ESLint fixes for Notes Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-04-25 14:58:38 -04:00			`}`
Centralize permission checking This makes it more convenient to modify the permission model, both for future modifications and for custom installations. This changes the `owner` property of NoteSession to `ownerId`, which is a more accurate description anyway. Signed-off-by: Dexter Chua <dec41@srcf.net> 2020-06-23 06:43:24 -04:00			`if (getPermission(req.user, note) === Permission.None) {`
ESLint fixes for Notes Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-04-25 14:58:38 -04:00			`return errors.errorForbidden(res)`
			`} else {`
			`return callback(note)`
			`}`
Convert first files to TypeScript Signed-off-by: David Mehren <dmehren1@gmail.com> 2019-11-23 15:34:31 -05:00			`}).catch(function (err) {`
Use import syntax for logger and config Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-04-12 07:11:06 -04:00			`logger.error(err)`
Convert first files to TypeScript Signed-off-by: David Mehren <dmehren1@gmail.com> 2019-11-23 15:34:31 -05:00			`return errors.errorInternalError(res)`
			`})`
ESLint fixes for Notes Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-04-25 14:58:38 -04:00			`})`
			`}`

Types and lint fixes in lib/web/note Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-05-24 12:10:37 -04:00			`function isRevealTheme (theme: string): string \| undefined {`
Fix relative path in web/note/util Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-05-23 08:45:51 -04:00			`if (fs.existsSync(path.join(__dirname, '..', '..', '..', '..', 'public', 'build', 'reveal.js', 'css', 'theme', theme + '.css'))) {`
More ESLint fixes Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-05-09 06:49:28 -04:00			`return theme`
ESLint fixes for Notes Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-04-25 14:58:38 -04:00			`}`
More ESLint fixes Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-05-09 06:49:28 -04:00			`return undefined`
ESLint fixes for Notes Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-04-25 14:58:38 -04:00			`}`
Convert first files to TypeScript Signed-off-by: David Mehren <dmehren1@gmail.com> 2019-11-23 15:34:31 -05:00
Types and lint fixes in lib/web/note Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-05-24 12:10:37 -04:00			`export function getPublishData (req: Request, res: Response, note, callback: (data) => void): void {`
ESLint fixes for Notes Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-04-25 14:58:38 -04:00			`const body = note.content`
			`const extracted = Note.extractMeta(body)`
			`const markdown = extracted.markdown`
			`const meta = Note.parseMeta(extracted.meta)`
			`const createtime = note.createdAt`
			`const updatetime = note.lastchangeAt`
			`let title = Note.decodeTitle(note.title)`
			`title = Note.generateWebTitle(meta.title \|\| title)`
			`const ogdata = Note.parseOpengraph(meta, title)`
			`const data = {`
			`title: title,`
			`description: meta.description \|\| (markdown ? Note.generateDescription(markdown) : null),`
			`viewcount: note.viewcount,`
			`createtime: createtime,`
			`updatetime: updatetime,`
			`body: markdown,`
			`theme: meta.slideOptions && isRevealTheme(meta.slideOptions.theme),`
			`meta: JSON.stringify(extracted.meta),`
			`owner: note.owner ? note.owner.id : null,`
Move profile-related functions into PhotoProfile The previous Profile type was renamed to PassportProfile, as it is only used for profile-information from Passport plugins. All functions relating to profile-parsing are now encapsulated in the PhotoProfile class (naming still debatable). Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-06-04 15:25:42 -04:00			`ownerprofile: note.owner ? PhotoProfile.fromUser(note.owner) : null,`
ESLint fixes for Notes Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-04-25 14:58:38 -04:00			`lastchangeuser: note.lastchangeuser ? note.lastchangeuser.id : null,`
Move profile-related functions into PhotoProfile The previous Profile type was renamed to PassportProfile, as it is only used for profile-information from Passport plugins. All functions relating to profile-parsing are now encapsulated in the PhotoProfile class (naming still debatable). Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-06-04 15:25:42 -04:00			`lastchangeuserprofile: note.lastchangeuser ? PhotoProfile.fromUser(note.lastchangeuser) : null,`
ESLint fixes for Notes Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-04-25 14:58:38 -04:00			`robots: meta.robots \|\| false, // default allow robots`
			`GA: meta.GA,`
			`disqus: meta.disqus,`
			`cspNonce: res.locals.nonce,`
			`dnt: req.headers.dnt,`
			`opengraph: ogdata`
Convert first files to TypeScript Signed-off-by: David Mehren <dmehren1@gmail.com> 2019-11-23 15:34:31 -05:00			`}`
ESLint fixes for Notes Signed-off-by: David Mehren <dmehren1@gmail.com> 2020-04-25 14:58:38 -04:00			`callback(data)`
			`}`