2020-05-24 12:10:37 -04:00
|
|
|
import { Request, Response } from 'express'
|
2020-04-25 14:58:38 -04:00
|
|
|
import fs from 'fs'
|
2019-11-23 15:34:31 -05:00
|
|
|
|
2020-04-12 07:11:06 -04:00
|
|
|
import path from 'path'
|
|
|
|
import { config } from '../../config'
|
2020-04-25 14:58:38 -04:00
|
|
|
import { errors } from '../../errors'
|
2020-04-12 07:11:06 -04:00
|
|
|
import { logger } from '../../logger'
|
2020-06-06 13:59:53 -04:00
|
|
|
import { Note } from '../../models'
|
2020-06-12 16:10:57 -04:00
|
|
|
import { PhotoProfile } from '../../utils/PhotoProfile'
|
2019-11-23 15:34:31 -05:00
|
|
|
|
2020-05-24 12:10:37 -04:00
|
|
|
export function newNote (req, res: Response, body: string | null): void {
|
2020-05-09 06:49:28 -04:00
|
|
|
let owner = null
|
|
|
|
const noteId = req.params.noteId ? req.params.noteId : null
|
|
|
|
if (req.isAuthenticated()) {
|
|
|
|
owner = req.user.id
|
|
|
|
} else if (!config.allowAnonymous) {
|
|
|
|
return errors.errorForbidden(res)
|
|
|
|
}
|
|
|
|
if (config.allowFreeURL && noteId && !config.forbiddenNoteIDs.includes(noteId)) {
|
|
|
|
req.alias = noteId
|
|
|
|
} else if (noteId) {
|
|
|
|
return req.method === 'POST' ? errors.errorForbidden(res) : errors.errorNotFound(res)
|
|
|
|
}
|
|
|
|
Note.create({
|
|
|
|
ownerId: owner,
|
|
|
|
alias: req.alias ? req.alias : null,
|
|
|
|
content: body
|
|
|
|
}).then(function (note) {
|
|
|
|
return res.redirect(config.serverURL + '/' + (note.alias ? note.alias : Note.encodeNoteId(note.id)))
|
|
|
|
}).catch(function (err) {
|
|
|
|
logger.error(err)
|
|
|
|
return errors.errorInternalError(res)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2020-06-23 06:43:24 -04:00
|
|
|
export enum Permission {
|
|
|
|
None,
|
|
|
|
Read,
|
|
|
|
Write,
|
|
|
|
Owner
|
|
|
|
}
|
|
|
|
|
|
|
|
interface NoteObject {
|
|
|
|
ownerId?: string;
|
|
|
|
permission: string;
|
|
|
|
}
|
|
|
|
|
|
|
|
export function getPermission (user, note: NoteObject): Permission {
|
|
|
|
// There are two possible User objects we get passed. One is from socket.io
|
|
|
|
// and the other is from passport directly. The former sets the logged_in
|
|
|
|
// parameter to either true or false, whereas for the latter, the logged_in
|
|
|
|
// parameter is always undefined, and the existence of user itself means the
|
|
|
|
// user is logged in.
|
|
|
|
if (!user || user.logged_in === false) {
|
|
|
|
// Anonymous
|
|
|
|
switch (note.permission) {
|
|
|
|
case 'freely':
|
|
|
|
return Permission.Write
|
|
|
|
case 'editable':
|
|
|
|
case 'locked':
|
|
|
|
return Permission.Read
|
|
|
|
default:
|
|
|
|
return Permission.None
|
|
|
|
}
|
|
|
|
} else if (note.ownerId === user.id) {
|
|
|
|
// Owner
|
|
|
|
return Permission.Owner
|
2020-05-09 06:49:28 -04:00
|
|
|
} else {
|
2020-06-23 06:43:24 -04:00
|
|
|
// Registered user
|
|
|
|
switch (note.permission) {
|
|
|
|
case 'editable':
|
|
|
|
case 'limited':
|
|
|
|
case 'freely':
|
|
|
|
return Permission.Write
|
|
|
|
case 'locked':
|
|
|
|
case 'protected':
|
|
|
|
return Permission.Read
|
|
|
|
default:
|
|
|
|
return Permission.None
|
|
|
|
}
|
2020-05-09 06:49:28 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-05-24 12:10:37 -04:00
|
|
|
export function findNoteOrCreate (req: Request, res: Response, callback: (note: Note) => void): void {
|
2020-04-25 14:58:38 -04:00
|
|
|
const id = req.params.noteId || req.params.shortid
|
|
|
|
Note.parseNoteId(id, function (err, _id) {
|
|
|
|
if (err) {
|
|
|
|
logger.error(err)
|
|
|
|
return errors.errorInternalError(res)
|
2019-11-23 15:34:31 -05:00
|
|
|
}
|
2020-04-25 14:58:38 -04:00
|
|
|
Note.findOne({
|
|
|
|
where: {
|
|
|
|
id: _id
|
|
|
|
}
|
2019-11-23 15:34:31 -05:00
|
|
|
}).then(function (note) {
|
2020-04-25 14:58:38 -04:00
|
|
|
if (!note) {
|
2020-05-09 09:01:03 -04:00
|
|
|
return newNote(req, res, '')
|
2020-04-25 14:58:38 -04:00
|
|
|
}
|
2020-06-23 06:43:24 -04:00
|
|
|
if (getPermission(req.user, note) === Permission.None) {
|
2020-04-25 14:58:38 -04:00
|
|
|
return errors.errorForbidden(res)
|
|
|
|
} else {
|
|
|
|
return callback(note)
|
|
|
|
}
|
2019-11-23 15:34:31 -05:00
|
|
|
}).catch(function (err) {
|
2020-04-12 07:11:06 -04:00
|
|
|
logger.error(err)
|
2019-11-23 15:34:31 -05:00
|
|
|
return errors.errorInternalError(res)
|
|
|
|
})
|
2020-04-25 14:58:38 -04:00
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2020-05-24 12:10:37 -04:00
|
|
|
function isRevealTheme (theme: string): string | undefined {
|
2020-05-23 08:45:51 -04:00
|
|
|
if (fs.existsSync(path.join(__dirname, '..', '..', '..', '..', 'public', 'build', 'reveal.js', 'css', 'theme', theme + '.css'))) {
|
2020-05-09 06:49:28 -04:00
|
|
|
return theme
|
2020-04-25 14:58:38 -04:00
|
|
|
}
|
2020-05-09 06:49:28 -04:00
|
|
|
return undefined
|
2020-04-25 14:58:38 -04:00
|
|
|
}
|
2019-11-23 15:34:31 -05:00
|
|
|
|
2020-05-24 12:10:37 -04:00
|
|
|
export function getPublishData (req: Request, res: Response, note, callback: (data) => void): void {
|
2020-04-25 14:58:38 -04:00
|
|
|
const body = note.content
|
|
|
|
const extracted = Note.extractMeta(body)
|
|
|
|
const markdown = extracted.markdown
|
|
|
|
const meta = Note.parseMeta(extracted.meta)
|
|
|
|
const createtime = note.createdAt
|
|
|
|
const updatetime = note.lastchangeAt
|
|
|
|
let title = Note.decodeTitle(note.title)
|
|
|
|
title = Note.generateWebTitle(meta.title || title)
|
|
|
|
const ogdata = Note.parseOpengraph(meta, title)
|
|
|
|
const data = {
|
|
|
|
title: title,
|
|
|
|
description: meta.description || (markdown ? Note.generateDescription(markdown) : null),
|
|
|
|
viewcount: note.viewcount,
|
|
|
|
createtime: createtime,
|
|
|
|
updatetime: updatetime,
|
|
|
|
body: markdown,
|
|
|
|
theme: meta.slideOptions && isRevealTheme(meta.slideOptions.theme),
|
|
|
|
meta: JSON.stringify(extracted.meta),
|
|
|
|
owner: note.owner ? note.owner.id : null,
|
2020-06-04 15:25:42 -04:00
|
|
|
ownerprofile: note.owner ? PhotoProfile.fromUser(note.owner) : null,
|
2020-04-25 14:58:38 -04:00
|
|
|
lastchangeuser: note.lastchangeuser ? note.lastchangeuser.id : null,
|
2020-06-04 15:25:42 -04:00
|
|
|
lastchangeuserprofile: note.lastchangeuser ? PhotoProfile.fromUser(note.lastchangeuser) : null,
|
2020-04-25 14:58:38 -04:00
|
|
|
robots: meta.robots || false, // default allow robots
|
|
|
|
GA: meta.GA,
|
|
|
|
disqus: meta.disqus,
|
|
|
|
cspNonce: res.locals.nonce,
|
|
|
|
dnt: req.headers.dnt,
|
|
|
|
opengraph: ogdata
|
2019-11-23 15:34:31 -05:00
|
|
|
}
|
2020-04-25 14:58:38 -04:00
|
|
|
callback(data)
|
|
|
|
}
|