From 550bf9104906682cdb16bd126bcd2b13a98e0f36 Mon Sep 17 00:00:00 2001 From: Erik Michelson Date: Sun, 23 Jul 2023 20:28:09 +0200 Subject: [PATCH] fix: check for existent notes on POST Signed-off-by: Erik Michelson --- lib/web/note/util.js | 35 +++++++++++++++++++++++++---------- 1 file changed, 25 insertions(+), 10 deletions(-) diff --git a/lib/web/note/util.js b/lib/web/note/util.js index 6604ea35a..81fb2cb6a 100644 --- a/lib/web/note/util.js +++ b/lib/web/note/util.js @@ -2,6 +2,7 @@ const models = require('../../models') const logger = require('../../logger') const config = require('../../config') const errors = require('../../errors') +const { Op } = require('sequelize') const fs = require('fs') const path = require('path') @@ -48,7 +49,14 @@ exports.checkViewPermission = function (req, note) { exports.newNote = async function (req, res, body) { let owner = null + let decodedNoteId const noteId = req.params.noteId ? req.params.noteId : null + try { + decodedNoteId = models.Note.decodeNoteId(noteId) + } catch (error) { + decodedNoteId = '' + } + if (req.isAuthenticated()) { owner = req.user.id } else if (!config.allowAnonymous) { @@ -62,17 +70,24 @@ exports.newNote = async function (req, res, body) { } try { - const id = await new Promise((resolve, reject) => { - models.Note.parseNoteId(noteId, (err, id) => { - if (err) { - reject(err) - } else { - resolve(id) - } - }) + const possibleFilePath = path.join(config.docsPath, path.basename(noteId) + '.md') + const noteFileExists = await models.Note.checkFileExist(possibleFilePath) + const count = await models.Note.count({ + where: { + [Op.or]: [ + { + alias: req.alias + }, + { + id: decodedNoteId + }, + { + shortId: req.alias + } + ] + } }) - - if (id) { + if (count > 0 || noteFileExists) { return errors.errorConflict(res) } } catch (error) {