Merge pull request #1084 from hedgedoc/fix/double-freeurl-note-creation

2025-03-15 04:52:44 +00:00 · 2021-03-29 23:14:14 +02:00 · 2021-03-29 23:14:14 +02:00 · 3a60f069cb
commit 3a60f069cb
parent bede2530cf dcea082286
2 changed files with 18 additions and 2 deletions
--- a/lib/errors.js
+++ b/lib/errors.js
@ -20,6 +20,9 @@ module.exports = {
  errorBadRequest: function (res) {
    responseError(res, '400', 'Bad Request', 'something not right.')
  },
+  errorConflict: function (res) {
+    responseError(res, '409', 'Conflict', 'This note already exists.')
+  },
  errorTooLong: function (res) {
    responseError(res, '413', 'Payload Too Large', 'Shorten your note!')
  },
--- a/lib/web/note/util.js
+++ b/lib/web/note/util.js
@ -46,7 +46,7 @@ exports.checkViewPermission = function (req, note) {
  }
 }

-exports.newNote = function (req, res, body) {
+exports.newNote = async function (req, res, body) {
  let owner = null
  const noteId = req.params.noteId ? req.params.noteId : null
  if (req.isAuthenticated()) {
@ -60,6 +60,19 @@ exports.newNote = function (req, res, body) {
    } else {
      return req.method === 'POST' ? errors.errorForbidden(res) : errors.errorNotFound(res)
    }
+    try {
+      const count = await models.Note.count({
+        where: {
+          alias: req.alias
+        }
+      })
+      if (count > 0) {
+        return errors.errorConflict(res)
+      }
+    } catch (err) {
+      logger.error('Error while checking for possible duplicate: ' + err)
+      return errors.errorInternalError(res)
+    }
  }
  models.Note.create({
    ownerId: owner,
@ -69,7 +82,7 @@ exports.newNote = function (req, res, body) {
  }).then(function (note) {
    return res.redirect(config.serverURL + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)))
  }).catch(function (err) {
-    logger.error(err)
+    logger.error('Note could not be created: ' + err)
    return errors.errorInternalError(res)
  })
 }