fix: check for existent notes on POST

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-11-21 09:16:30 -05:00 · 2023-07-23 20:28:09 +02:00 · 2023-07-23 20:28:09 +02:00 · 550bf91049
commit 550bf91049
parent 97a5e58077
1 changed files with 25 additions and 10 deletions
--- a/lib/web/note/util.js
+++ b/lib/web/note/util.js
@ -2,6 +2,7 @@ const models = require('../../models')
 const logger = require('../../logger')
 const config = require('../../config')
 const errors = require('../../errors')
+const { Op } = require('sequelize')
 const fs = require('fs')
 const path = require('path')

@ -48,7 +49,14 @@ exports.checkViewPermission = function (req, note) {

 exports.newNote = async function (req, res, body) {
  let owner = null
+  let decodedNoteId
  const noteId = req.params.noteId ? req.params.noteId : null
+  try {
+    decodedNoteId = models.Note.decodeNoteId(noteId)
+  } catch (error) {
+    decodedNoteId = ''
+  }
+
  if (req.isAuthenticated()) {
    owner = req.user.id
  } else if (!config.allowAnonymous) {
@ -62,17 +70,24 @@ exports.newNote = async function (req, res, body) {
    }

    try {
-      const id = await new Promise((resolve, reject) => {
-        models.Note.parseNoteId(noteId, (err, id) => {
-          if (err) {
-            reject(err)
-          } else {
-            resolve(id)
-          }
-        })
+      const possibleFilePath = path.join(config.docsPath, path.basename(noteId) + '.md')
+      const noteFileExists = await models.Note.checkFileExist(possibleFilePath)
+      const count = await models.Note.count({
+        where: {
+          [Op.or]: [
+            {
+              alias: req.alias
+            },
+            {
+              id: decodedNoteId
+            },
+            {
+              shortId: req.alias
+            }
+          ]
+        }
      })
-
-      if (id) {
+      if (count > 0 || noteFileExists) {
        return errors.errorConflict(res)
      }
    } catch (error) {