diff --git a/src/lib/response.ts b/src/lib/response.ts index a8bc9b5fe..f01d576ec 100644 --- a/src/lib/response.ts +++ b/src/lib/response.ts @@ -6,7 +6,7 @@ import fs from 'fs' import { logger } from './logger' -import { NoteUtils } from './web/note/util' +import * as NoteUtils from './web/note/util' import { errors } from './errors' diff --git a/src/lib/web/note/controller.ts b/src/lib/web/note/controller.ts index 57e0a54e8..79711af85 100644 --- a/src/lib/web/note/controller.ts +++ b/src/lib/web/note/controller.ts 
@@ -1,140 +1,138 @@ import { NextFunction, Request, Response } from 'express' -import { NoteUtils } from './util' -import * as ActionController from './actions' -import { errors } from '../../errors' import { config } from '../../config' +import { errors } from '../../errors' import { logger } from '../../logger' -import { User, Note } from '../../models' +import { Note, User } from '../../models' +import * as ActionController from './actions' +import * as NoteUtils from './util' -export module NoteController { - export function publishNoteActions (req: any, res: Response, next: NextFunction) { - NoteUtils.findNoteOrCreate(req, res, function (note) { - const action = req.params.action - switch (action) { - case 'download': - exports.downloadMarkdown(req, res, note) - break - case 'edit': - res.redirect(config.serverURL + '/' + (note.alias ? note.alias : Note.encodeNoteId(note.id)) + '?both') - break - default: - res.redirect(config.serverURL + '/s/' + note.shortid) - break - } - }) - } - - export function showPublishNote (req: any, res: Response, next: NextFunction) { - const include = [{ - model: User, - as: 'owner' - }, { - model: User, - as: 'lastchangeuser' - }] - NoteUtils.findNoteOrCreate(req, res, function (note) { - // force to use short id - const shortid = req.params.shortid - if ((note.alias && shortid !== note.alias) || (!note.alias && shortid !== note.shortid)) { - return res.redirect(config.serverURL + '/s/' + (note.alias || note.shortid)) - } - note.increment('viewcount').then(function (note) { - if (!note) { - return errors.errorNotFound(res) - } - NoteUtils.getPublishData(req, res, note, (data) => { - res.set({ - 'Cache-Control': 'private' // only cache by client - }) - return res.render('pretty.ejs', data) - }) - }).catch(function (err) { - logger.error(err) - return errors.errorInternalError(res) - }) - }, include) - } - - export function showNote (req: any, res: Response, next: NextFunction) { - NoteUtils.findNoteOrCreate(req, res, function 
(note) { - // force to use note id - const noteId = req.params.noteId - const id = Note.encodeNoteId(note.id) - if ((note.alias && noteId !== note.alias) || (!note.alias && noteId !== id)) { - return res.redirect(config.serverURL + '/' + (note.alias || id)) - } - const body = note.content - const extracted = Note.extractMeta(body) - const meta = Note.parseMeta(extracted.meta) - let title = Note.decodeTitle(note.title) - title = Note.generateWebTitle(meta.title || title) - const opengraph = Note.parseOpengraph(meta, title) - res.set({ - 'Cache-Control': 'private', // only cache by client - 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling - }) - return res.render('codimd.ejs', { - title: title, - opengraph: opengraph - }) - }) - } - - export function createFromPOST (req: any, res: Response, next: NextFunction) { - let body = '' - if (req.body && req.body.length > config.documentMaxLength) { - return errors.errorTooLong(res) - } else if (req.body) { - body = req.body +export function publishNoteActions (req: any, res: Response, next: NextFunction) { + NoteUtils.findNoteOrCreate(req, res, function (note) { + const action = req.params.action + switch (action) { + case 'download': + exports.downloadMarkdown(req, res, note) + break + case 'edit': + res.redirect(config.serverURL + '/' + (note.alias ? 
note.alias : Note.encodeNoteId(note.id)) + '?both') + break + default: + res.redirect(config.serverURL + '/s/' + note.shortid) + break } - body = body.replace(/[\r]/g, '') - return NoteUtils.newNote(req, res, body) - } + }) +} - export function doAction (req: any, res: Response, next: NextFunction) { - const noteId = req.params.noteId - NoteUtils.findNoteOrCreate(req, res, (note) => { - const action = req.params.action - // TODO: Don't switch on action, choose action in Router and use separate functions - switch (action) { - case 'publish': - case 'pretty': // pretty deprecated - res.redirect(config.serverURL + '/s/' + (note.alias || note.shortid)) - break - case 'slide': - res.redirect(config.serverURL + '/p/' + (note.alias || note.shortid)) - break - case 'download': - exports.downloadMarkdown(req, res, note) - break - case 'info': - ActionController.getInfo(req, res, note) - break - case 'gist': - ActionController.createGist(req, res, note) - break - case 'revision': - ActionController.getRevision(req, res, note) - break - default: - return res.redirect(config.serverURL + '/' + noteId) +export function showPublishNote (req: any, res: Response, next: NextFunction) { + const include = [{ + model: User, + as: 'owner' + }, { + model: User, + as: 'lastchangeuser' + }] + NoteUtils.findNoteOrCreate(req, res, function (note) { + // force to use short id + const shortid = req.params.shortid + if ((note.alias && shortid !== note.alias) || (!note.alias && shortid !== note.shortid)) { + return res.redirect(config.serverURL + '/s/' + (note.alias || note.shortid)) + } + note.increment('viewcount').then(function (note) { + if (!note) { + return errors.errorNotFound(res) } + NoteUtils.getPublishData(req, res, note, (data) => { + res.set({ + 'Cache-Control': 'private' // only cache by client + }) + return res.render('pretty.ejs', data) + }) + }).catch(function (err) { + logger.error(err) + return errors.errorInternalError(res) }) - } + }, include) +} - export function 
downloadMarkdown (req: Request, res: Response, note: any) { +export function showNote (req: any, res: Response, next: NextFunction) { + NoteUtils.findNoteOrCreate(req, res, function (note) { + // force to use note id + const noteId = req.params.noteId + const id = Note.encodeNoteId(note.id) + if ((note.alias && noteId !== note.alias) || (!note.alias && noteId !== id)) { + return res.redirect(config.serverURL + '/' + (note.alias || id)) + } const body = note.content - let filename = Note.decodeTitle(note.title) - filename = encodeURIComponent(filename) + const extracted = Note.extractMeta(body) + const meta = Note.parseMeta(extracted.meta) + let title = Note.decodeTitle(note.title) + title = Note.generateWebTitle(meta.title || title) + const opengraph = Note.parseOpengraph(meta, title) res.set({ - 'Access-Control-Allow-Origin': '*', // allow CORS as API - 'Access-Control-Allow-Headers': 'Range', - 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range', - 'Content-Type': 'text/markdown; charset=UTF-8', - 'Cache-Control': 'private', - 'Content-disposition': 'attachment; filename=' + filename + '.md', + 'Cache-Control': 'private', // only cache by client 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling }) - res.send(body) - } + return res.render('codimd.ejs', { + title: title, + opengraph: opengraph + }) + }) +} + +export function createFromPOST (req: any, res: Response, next: NextFunction) { + let body = '' + if (req.body && req.body.length > config.documentMaxLength) { + return errors.errorTooLong(res) + } else if (req.body) { + body = req.body + } + body = body.replace(/[\r]/g, '') + return NoteUtils.newNote(req, res, body) +} + +export function doAction (req: any, res: Response, next: NextFunction) { + const noteId = req.params.noteId + NoteUtils.findNoteOrCreate(req, res, (note) => { + const action = req.params.action + // TODO: Don't switch on action, choose action in Router and use separate functions + switch (action) { + case 
'publish': + case 'pretty': // pretty deprecated + res.redirect(config.serverURL + '/s/' + (note.alias || note.shortid)) + break + case 'slide': + res.redirect(config.serverURL + '/p/' + (note.alias || note.shortid)) + break + case 'download': + exports.downloadMarkdown(req, res, note) + break + case 'info': + ActionController.getInfo(req, res, note) + break + case 'gist': + ActionController.createGist(req, res, note) + break + case 'revision': + ActionController.getRevision(req, res, note) + break + default: + return res.redirect(config.serverURL + '/' + noteId) + } + }) +} + +export function downloadMarkdown (req: Request, res: Response, note: any) { + const body = note.content + let filename = Note.decodeTitle(note.title) + filename = encodeURIComponent(filename) + res.set({ + 'Access-Control-Allow-Origin': '*', // allow CORS as API + 'Access-Control-Allow-Headers': 'Range', + 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range', + 'Content-Type': 'text/markdown; charset=UTF-8', + 'Cache-Control': 'private', + 'Content-disposition': 'attachment; filename=' + filename + '.md', + 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling + }) + res.send(body) } diff --git a/src/lib/web/note/router.ts b/src/lib/web/note/router.ts index 7eecd08c9..034d89a16 100644 --- a/src/lib/web/note/router.ts +++ b/src/lib/web/note/router.ts @@ -1,8 +1,8 @@ -import { markdownParser } from '../utils' - -import { SlideController } from './slide' -import { NoteController } from './controller' import { Router } from 'express' +import { markdownParser } from '../utils' +import * as NoteController from './controller' + +import * as SlideController from './slide' const NoteRouter = Router() // get new note diff --git a/src/lib/web/note/slide.ts b/src/lib/web/note/slide.ts index 9ee4f29ae..5008295f1 100644 --- a/src/lib/web/note/slide.ts +++ b/src/lib/web/note/slide.ts 
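Review bot: The `download` case in both `publishNoteActions` and `doAction` still calls `exports.downloadMarkdown(req, res, note)`, which the compiler does not check and which resolves only while this file is emitted as a CommonJS module. Since `downloadMarkdown` is now a top-level export of the same file, both call sites can call it directly: `downloadMarkdown(req, res, note)`. The handlers also keep `req: any` although, within this hunk, they read only `req.params`. Typing them as `Request`, as `downloadMarkdown` already does, would let the compiler catch a misspelled route parameter.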
@@ -1,52 +1,48 @@ -import { NextFunction, Response } from "express"; -import { NoteUtils } from "./util"; +import { NextFunction, Response } from 'express' +import { config } from '../../config' import { errors } from '../../errors' import { logger } from '../../logger' -import { config } from '../../config' -import { User } from "../../models/user"; -import { Note } from "../../models/note"; +import { Note, User } from '../../models' +import * as NoteUtils from './util' - -export module SlideController { - export function publishSlideActions(req: any, res: Response, next: NextFunction) { - NoteUtils.findNoteOrCreate(req, res, function (note) { - const action = req.params.action - if (action === 'edit') { - res.redirect(config.serverURL + '/' + (note.alias ? note.alias : Note.encodeNoteId(note.id)) + '?both') - } else { res.redirect(config.serverURL + '/p/' + note.shortid) } - }) - } - - - - export function showPublishSlide(req: any, res: Response, next: NextFunction) { - const include = [{ - model: User, - as: 'owner' - }, { - model: User, - as: 'lastchangeuser' - }] - NoteUtils.findNoteOrCreate(req, res, function (note) { - // force to use short id - const shortid = req.params.shortid - if ((note.alias && shortid !== note.alias) || (!note.alias && shortid !== note.shortid)) { - return res.redirect(config.serverURL + '/p/' + (note.alias || note.shortid)) - } - note.increment('viewcount').then(function (note) { - if (!note) { - return errors.errorNotFound(res) - } - NoteUtils.getPublishData(req, res, note, (data) => { - res.set({ - 'Cache-Control': 'private' // only cache by client - }) - return res.render('slide.ejs', data) - }) - }).catch(function (err) { - logger.error(err) - return errors.errorInternalError(res) - }) - }, include) - } +export function publishSlideActions (req: any, res: Response, next: NextFunction) { + NoteUtils.findNoteOrCreate(req, res, function (note) { + const action = req.params.action + if (action === 'edit') { + 
res.redirect(config.serverURL + '/' + (note.alias ? note.alias : Note.encodeNoteId(note.id)) + '?both') + } else { + res.redirect(config.serverURL + '/p/' + note.shortid) + } + }) +} + +export function showPublishSlide (req: any, res: Response, next: NextFunction) { + const include = [{ + model: User, + as: 'owner' + }, { + model: User, + as: 'lastchangeuser' + }] + NoteUtils.findNoteOrCreate(req, res, function (note) { + // force to use short id + const shortid = req.params.shortid + if ((note.alias && shortid !== note.alias) || (!note.alias && shortid !== note.shortid)) { + return res.redirect(config.serverURL + '/p/' + (note.alias || note.shortid)) + } + note.increment('viewcount').then(function (note) { + if (!note) { + return errors.errorNotFound(res) + } + NoteUtils.getPublishData(req, res, note, (data) => { + res.set({ + 'Cache-Control': 'private' // only cache by client + }) + return res.render('slide.ejs', data) + }) + }).catch(function (err) { + logger.error(err) + return errors.errorInternalError(res) + }) + }, include) } diff --git a/src/lib/web/note/util.ts b/src/lib/web/note/util.ts index 78e24ad36..b88455765 100644 --- a/src/lib/web/note/util.ts +++ b/src/lib/web/note/util.ts 
@@ -1,113 +1,111 @@ -import { Includeable } from 'sequelize' import { Response } from 'express' +import fs from 'fs' import path from 'path' -import fs from 'fs' -import { errors } from '../../errors' +import { Includeable } from 'sequelize' import { config } from '../../config' +import { errors } from '../../errors' import { logger } from '../../logger' -import { Note , User } from '../../models' +import { Note, User } from '../../models' -export module NoteUtils { - export function findNoteOrCreate(req, res, callback: (note: any) => void, include?: Includeable[]) { - const id = req.params.noteId || req.params.shortid - Note.parseNoteId(id, function (err, _id) { - if (err) { - logger.error(err) - return errors.errorInternalError(res) +export function findNoteOrCreate (req, res, callback: (note: any) => void, include?: Includeable[]) { + const id = req.params.noteId || req.params.shortid + Note.parseNoteId(id, function (err, _id) { + if (err) { + logger.error(err) + return errors.errorInternalError(res) + } + Note.findOne({ + where: { + id: _id } - Note.findOne({ - where: { - id: _id - } - }).then(function (note) { - if (!note) { - return newNote(req, res, "") - } - if (!checkViewPermission(req, note)) { - return errors.errorForbidden(res) - } else { - return callback(note) - } - }).catch(function (err) { - logger.error(err) - return errors.errorInternalError(res) - }) - }) - } - - export function checkViewPermission (req: any, note: any) { - if (note.permission === 'private') { - return req.isAuthenticated() && note.ownerId === req.user.id - } else if (note.permission === 'limited' || note.permission === 'protected') { - return req.isAuthenticated() - } else { - return true - } - } - - export function newNote (req: any, res: Response, body: string | null) { - let owner = null - const noteId = req.params.noteId ? 
req.params.noteId : null - if (req.isAuthenticated()) { - owner = req.user.id - } else if (!config.allowAnonymous) { - return errors.errorForbidden(res) - } - if (config.allowFreeURL && noteId && !config.forbiddenNoteIDs.includes(noteId)) { - req.alias = noteId - } else if (noteId) { - return req.method === 'POST' ? errors.errorForbidden(res) : errors.errorNotFound(res) - } - Note.create({ - ownerId: owner, - alias: req.alias ? req.alias : null, - content: body }).then(function (note) { - return res.redirect(config.serverURL + '/' + (note.alias ? note.alias : Note.encodeNoteId(note.id))) + if (!note) { + return newNote(req, res, "") + } + if (!checkViewPermission(req, note)) { + return errors.errorForbidden(res) + } else { + return callback(note) + } }).catch(function (err) { logger.error(err) return errors.errorInternalError(res) }) - } + }) +} - export function getPublishData (req: any, res: Response, note: any, callback: (data: any) => void) { - const body = note.content - const extracted = Note.extractMeta(body) - const markdown = extracted.markdown - const meta = Note.parseMeta(extracted.meta) - const createtime = note.createdAt - const updatetime = note.lastchangeAt - let title = Note.decodeTitle(note.title) - title = Note.generateWebTitle(meta.title || title) - const ogdata = Note.parseOpengraph(meta, title) - const data = { - title: title, - description: meta.description || (markdown ? Note.generateDescription(markdown) : null), - viewcount: note.viewcount, - createtime: createtime, - updatetime: updatetime, - body: markdown, - theme: meta.slideOptions && isRevealTheme(meta.slideOptions.theme), - meta: JSON.stringify(extracted.meta), - owner: note.owner ? note.owner.id : null, - ownerprofile: note.owner ? User.getProfile(note.owner) : null, - lastchangeuser: note.lastchangeuser ? note.lastchangeuser.id : null, - lastchangeuserprofile: note.lastchangeuser ? 
User.getProfile(note.lastchangeuser) : null, - robots: meta.robots || false, // default allow robots - GA: meta.GA, - disqus: meta.disqus, - cspNonce: res.locals.nonce, - dnt: req.headers.dnt, - opengraph: ogdata - } - callback(data) - } - - function isRevealTheme (theme: string) { - if (fs.existsSync(path.join(__dirname, '..', '..', '..', 'public', 'build', 'reveal.js', 'css', 'theme', theme + '.css'))) { - return theme - } - return undefined +export function checkViewPermission (req: any, note: any) { + if (note.permission === 'private') { + return req.isAuthenticated() && note.ownerId === req.user.id + } else if (note.permission === 'limited' || note.permission === 'protected') { + return req.isAuthenticated() + } else { + return true } } + +export function newNote (req: any, res: Response, body: string | null) { + let owner = null + const noteId = req.params.noteId ? req.params.noteId : null + if (req.isAuthenticated()) { + owner = req.user.id + } else if (!config.allowAnonymous) { + return errors.errorForbidden(res) + } + if (config.allowFreeURL && noteId && !config.forbiddenNoteIDs.includes(noteId)) { + req.alias = noteId + } else if (noteId) { + return req.method === 'POST' ? errors.errorForbidden(res) : errors.errorNotFound(res) + } + Note.create({ + ownerId: owner, + alias: req.alias ? req.alias : null, + content: body + }).then(function (note) { + return res.redirect(config.serverURL + '/' + (note.alias ? 
note.alias : Note.encodeNoteId(note.id))) + }).catch(function (err) { + logger.error(err) + return errors.errorInternalError(res) + }) +} + +export function getPublishData (req: any, res: Response, note: any, callback: (data: any) => void) { + const body = note.content + const extracted = Note.extractMeta(body) + const markdown = extracted.markdown + const meta = Note.parseMeta(extracted.meta) + const createtime = note.createdAt + const updatetime = note.lastchangeAt + let title = Note.decodeTitle(note.title) + title = Note.generateWebTitle(meta.title || title) + const ogdata = Note.parseOpengraph(meta, title) + const data = { + title: title, + description: meta.description || (markdown ? Note.generateDescription(markdown) : null), + viewcount: note.viewcount, + createtime: createtime, + updatetime: updatetime, + body: markdown, + theme: meta.slideOptions && isRevealTheme(meta.slideOptions.theme), + meta: JSON.stringify(extracted.meta), + owner: note.owner ? note.owner.id : null, + ownerprofile: note.owner ? User.getProfile(note.owner) : null, + lastchangeuser: note.lastchangeuser ? note.lastchangeuser.id : null, + lastchangeuserprofile: note.lastchangeuser ? User.getProfile(note.lastchangeuser) : null, + robots: meta.robots || false, // default allow robots + GA: meta.GA, + disqus: meta.disqus, + cspNonce: res.locals.nonce, + dnt: req.headers.dnt, + opengraph: ogdata + } + callback(data) +} + +function isRevealTheme (theme: string) { + if (fs.existsSync(path.join(__dirname, '..', '..', '..', 'public', 'build', 'reveal.js', 'css', 'theme', theme + '.css'))) { + return theme + } + return undefined +}
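Review bot: `isRevealTheme` joins `theme` into a filesystem path and passes it to `fs.existsSync` without checking its shape, and the value comes from `meta.slideOptions.theme`, i.e. from the note's own metadata. Unless `Note.parseMeta` already restricts it (not visible in this hunk), a value containing `..` segments makes the check resolve outside the reveal.js theme directory, and a non-string value is silently coerced by `theme + '.css'`. A guard at the top of the function would confine it to plain theme names: `if (typeof theme !== 'string' || !/^[A-Za-z0-9_-]+$/.test(theme)) return undefined`. Separately, `findNoteOrCreate` accepts `include` but the `Note.findOne` call passes only `where`, so the `owner` and `lastchangeuser` associations that `getPublishData` reads appear never to be loaded; adding `include: include` to the query options would use the parameter.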