From f78540c3fbf109d6ccf2d92c5b1cf0148c88f722 Mon Sep 17 00:00:00 2001 From: David Mehren Date: Sun, 27 Oct 2019 13:51:53 +0100 Subject: [PATCH 01/11] Move note actions to their own file. Because of circular import problems, this commit also moves the error messages from response.js to errors.js Signed-off-by: David Mehren --- app.js | 6 +- lib/errors.js | 38 ++++ lib/history.js | 40 ++-- lib/response.js | 324 +++------------------------- lib/web/auth/email/index.js | 12 +- lib/web/auth/ldap/index.js | 4 +- lib/web/baseRouter.js | 8 +- lib/web/imageRouter/index.js | 4 +- lib/web/middleware/checkURIValid.js | 4 +- lib/web/middleware/tooBusy.js | 4 +- lib/web/note/actions.js | 187 ++++++++++++++++ lib/web/note/router.js | 32 +++ lib/web/note/util.js | 67 ++++++ lib/web/noteRouter.js | 30 --- lib/web/statusRouter.js | 18 +- lib/web/userRouter.js | 22 +- 16 files changed, 410 insertions(+), 390 deletions(-) create mode 100644 lib/errors.js create mode 100644 lib/web/note/actions.js create mode 100644 lib/web/note/router.js create mode 100644 lib/web/note/util.js delete mode 100644 lib/web/noteRouter.js diff --git a/app.js b/app.js index 10b7bd978..930191ce4 100644 --- a/app.js +++ b/app.js @@ -22,7 +22,7 @@ var flash = require('connect-flash') // core var config = require('./lib/config') var logger = require('./lib/logger') -var response = require('./lib/response') +var errors = require('./lib/errors') var models = require('./lib/models') var csp = require('./lib/csp') @@ -212,11 +212,11 @@ app.use(require('./lib/web/auth')) app.use(require('./lib/web/historyRouter')) app.use(require('./lib/web/userRouter')) app.use(require('./lib/web/imageRouter')) -app.use(require('./lib/web/noteRouter')) +app.use(require('./lib/web/note/router')) // response not found if no any route matxches app.get('*', function (req, res) { - response.errorNotFound(res) + errors.errorNotFound(res) }) // socket.io secure 
diff --git a/lib/errors.js b/lib/errors.js new file mode 100644 index 000000000..64f938597 --- /dev/null +++ b/lib/errors.js @@ -0,0 +1,38 @@ +const config = require('./config') + +module.exports = { + errorForbidden: function (res) { + const { req } = res + if (req.user) { + responseError(res, '403', 'Forbidden', 'oh no.') + } else { + req.flash('error', 'You are not allowed to access this page. Maybe try logging in?') + res.redirect(config.serverURL + '/') + } + }, + errorNotFound: function (res) { + responseError(res, '404', 'Not Found', 'oops.') + }, + errorBadRequest: function (res) { + responseError(res, '400', 'Bad Request', 'something not right.') + }, + errorTooLong: function (res) { + responseError(res, '413', 'Payload Too Large', 'Shorten your note!') + }, + errorInternalError: function (res) { + responseError(res, '500', 'Internal Error', 'wtf.') + }, + errorServiceUnavailable: function (res) { + res.status(503).send('I\'m busy right now, try again later.') + } +} + +function responseError (res, code, detail, msg) { + res.status(code).render('error.ejs', { + title: code + ' ' + detail + ' ' + msg, + code: code, + detail: detail, + msg: msg, + opengraph: [] + }) +} diff --git a/lib/history.js b/lib/history.js index 88a7ee05b..3ebf77fd8 100644 --- a/lib/history.js +++ b/lib/history.js @@ -5,8 +5,8 @@ var LZString = require('lz-string') // core var logger = require('./logger') -var response = require('./response') var models = require('./models') +const errors = require('./errors') // public var History = { 
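Review bot: `errorForbidden` does not send a 403 to an unauthenticated caller; it flashes a message and redirects to `config.serverURL + '/'`, and nothing in the new module documents that. Now that this is the shared error module, a short comment above it would help, for example `// Anonymous callers are redirected to the index with a flash message; only logged-in users get the 403 page.` The function also depends on `res.req` and on `req.flash` being available, which is worth stating in the same comment because callers pass only `res`. Unlike lib/web/note/actions.js and lib/web/note/router.js in this patch, the file has no `'use strict'` line.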
@@ -121,14 +121,14 @@ function parseHistoryToObject (history) { function historyGet (req, res) { if (req.isAuthenticated()) { getHistory(req.user.id, function (err, history) { - if (err) return response.errorInternalError(res) - if (!history) return response.errorNotFound(res) + if (err) return errors.errorInternalError(res) + if (!history) return errors.errorNotFound(res) res.send({ history: parseHistoryToArray(history) }) }) } else { - return response.errorForbidden(res) + return errors.errorForbidden(res) } } 
@@ -136,40 +136,40 @@ function historyPost (req, res) { if (req.isAuthenticated()) { var noteId = req.params.noteId if (!noteId) { - if (typeof req.body['history'] === 'undefined') return response.errorBadRequest(res) + if (typeof req.body['history'] === 'undefined') return errors.errorBadRequest(res) logger.debug(`SERVER received history from [${req.user.id}]: ${req.body.history}`) try { var history = JSON.parse(req.body.history) } catch (err) { - return response.errorBadRequest(res) + return errors.errorBadRequest(res) } if (Array.isArray(history)) { setHistory(req.user.id, history, function (err, count) { - if (err) return response.errorInternalError(res) + if (err) return errors.errorInternalError(res) res.end() }) } else { - return response.errorBadRequest(res) + return errors.errorBadRequest(res) } } else { - if (typeof req.body['pinned'] === 'undefined') return response.errorBadRequest(res) + if (typeof req.body['pinned'] === 'undefined') return errors.errorBadRequest(res) getHistory(req.user.id, function (err, history) { - if (err) return response.errorInternalError(res) - if (!history) return response.errorNotFound(res) - if (!history[noteId]) return response.errorNotFound(res) + if (err) return errors.errorInternalError(res) + if (!history) return errors.errorNotFound(res) + if (!history[noteId]) return errors.errorNotFound(res) if (req.body.pinned === 'true' || req.body.pinned === 'false') { history[noteId].pinned = (req.body.pinned === 'true') setHistory(req.user.id, history, function (err, count) { - if (err) return response.errorInternalError(res) + if (err) return errors.errorInternalError(res) res.end() }) } else { - return response.errorBadRequest(res) + return errors.errorBadRequest(res) } }) } } else { - return response.errorForbidden(res) + return errors.errorForbidden(res) } } 
@@ -178,22 +178,22 @@ function historyDelete (req, res) { var noteId = req.params.noteId if (!noteId) { setHistory(req.user.id, [], function (err, count) { - if (err) return response.errorInternalError(res) + if (err) return errors.errorInternalError(res) res.end() }) } else { getHistory(req.user.id, function (err, history) { - if (err) return response.errorInternalError(res) - if (!history) return response.errorNotFound(res) + if (err) return errors.errorInternalError(res) + if (!history) return errors.errorNotFound(res) delete history[noteId] setHistory(req.user.id, history, function (err, count) { - if (err) return response.errorInternalError(res) + if (err) return errors.errorInternalError(res) res.end() }) }) } } else { - return response.errorForbidden(res) + return errors.errorForbidden(res) } } diff --git a/lib/response.js b/lib/response.js index 74d71d523..033a83a69 100644 --- a/lib/response.js +++ b/lib/response.js 
@@ -3,49 +3,22 @@ // external modules var fs = require('fs') var path = require('path') -var markdownpdf = require('markdown-pdf') -var shortId = require('shortid') -var querystring = require('querystring') var request = require('request') -var moment = require('moment') - // core var config = require('./config') var logger = require('./logger') var models = require('./models') var utils = require('./utils') +const noteUtil = require('./web/note/util') +const noteActions = require('./web/note/actions') +const errors = require('./errors') // public var response = { - errorForbidden: function (res) { - const { req } = res - if (req.user) { - responseError(res, '403', 'Forbidden', 'oh no.') - } else { - req.flash('error', 'You are not allowed to access this page. Maybe try logging in?') - res.redirect(config.serverURL + '/') - } - }, - errorNotFound: function (res) { - responseError(res, '404', 'Not Found', 'oops.') - }, - errorBadRequest: function (res) { - responseError(res, '400', 'Bad Request', 'something not right.') - }, - errorTooLong: function (res) { - responseError(res, '413', 'Payload Too Large', 'Shorten your note!') - }, - errorInternalError: function (res) { - responseError(res, '500', 'Internal Error', 'wtf.') - }, - errorServiceUnavailable: function (res) { - res.status(503).send("I'm busy right now, try again later.") - }, showNote: showNote, showPublishNote: showPublishNote, showPublishSlide: showPublishSlide, showIndex: showIndex, - noteActions: noteActions, postNote: postNote, publishNoteActions: publishNoteActions, publishSlideActions: publishSlideActions, @@ -53,16 +26,6 @@ var response = { gitlabActions: gitlabActions } -function responseError (res, code, detail, msg) { - res.status(code).render('error.ejs', { - title: code + ' ' + detail + ' ' + msg, - code: code, - detail: detail, - msg: msg, - opengraph: [] - }) -} - function showIndex (req, res, next) { var authStatus = req.isAuthenticated() var deleteToken = '' 
@@ -113,79 +76,16 @@ function responseCodiMD (res, note) { function postNote (req, res, next) { var body = '' if (req.body && req.body.length > config.documentMaxLength) { - return response.errorTooLong(res) + return errors.errorTooLong(res) } else if (req.body) { body = req.body } body = body.replace(/[\r]/g, '') - return newNote(req, res, body) -} - -function newNote (req, res, body) { - var owner = null - var noteId = req.params.noteId ? req.params.noteId : null - if (req.isAuthenticated()) { - owner = req.user.id - } else if (!config.allowAnonymous) { - return response.errorForbidden(res) - } - if (config.allowFreeURL && noteId && !config.forbiddenNoteIDs.includes(noteId)) { - req.alias = noteId - } else if (noteId) { - return req.method === 'POST' ? response.errorForbidden(res) : response.errorNotFound(res) - } - models.Note.create({ - ownerId: owner, - alias: req.alias ? req.alias : null, - content: body - }).then(function (note) { - return res.redirect(config.serverURL + '/' + (note.alias ? 
note.alias : models.Note.encodeNoteId(note.id))) - }).catch(function (err) { - logger.error(err) - return response.errorInternalError(res) - }) -} - -function checkViewPermission (req, note) { - if (note.permission === 'private') { - if (!req.isAuthenticated() || note.ownerId !== req.user.id) { return false } else { return true } - } else if (note.permission === 'limited' || note.permission === 'protected') { - if (!req.isAuthenticated()) { return false } else { return true } - } else { - return true - } -} - -function findNote (req, res, callback, include) { - var id = req.params.noteId || req.params.shortid - models.Note.parseNoteId(id, function (err, _id) { - if (err) { - logger.error(err) - return response.errorInternalError(res) - } - models.Note.findOne({ - where: { - id: _id - }, - include: include || null - }).then(function (note) { - if (!note) { - return newNote(req, res, null) - } - if (!checkViewPermission(req, note)) { - return response.errorForbidden(res) - } else { - return callback(note) - } - }).catch(function (err) { - logger.error(err) - return response.errorInternalError(res) - }) - }) + return noteUtil.newNote(req, res, body) } function showNote (req, res, next) { - findNote(req, res, function (note) { + noteUtil.findNote(req, res, function (note) { // force to use note id var noteId = req.params.noteId var id = models.Note.encodeNoteId(note.id) @@ -202,7 +102,7 @@ function showPublishNote (req, res, next) { model: models.User, as: 'lastchangeuser' }] - findNote(req, res, function (note) { + noteUtil.findNote(req, res, function (note) { // force to use short id var shortid = req.params.shortid if ((note.alias && shortid !== note.alias) || (!note.alias && shortid !== note.shortid)) { 
@@ -210,7 +110,7 @@ function showPublishNote (req, res, next) { } note.increment('viewcount').then(function (note) { if (!note) { - return response.errorNotFound(res) + return errors.errorNotFound(res) } var body = note.content var extracted = models.Note.extractMeta(body) @@ -242,7 +142,7 @@ function showPublishNote (req, res, next) { return renderPublish(data, res) }).catch(function (err) { logger.error(err) - return response.errorInternalError(res) + return errors.errorInternalError(res) }) }, include) } 
@@ -254,188 +154,12 @@ function renderPublish (data, res) { res.render('pretty.ejs', data) } -function actionPublish (req, res, note) { - res.redirect(config.serverURL + '/s/' + (note.alias || note.shortid)) -} - -function actionSlide (req, res, note) { - res.redirect(config.serverURL + '/p/' + (note.alias || note.shortid)) -} - -function actionDownload (req, res, note) { - var body = note.content - var title = models.Note.decodeTitle(note.title) - var filename = title - filename = encodeURIComponent(filename) - res.set({ - 'Access-Control-Allow-Origin': '*', // allow CORS as API - 'Access-Control-Allow-Headers': 'Range', - 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range', - 'Content-Type': 'text/markdown; charset=UTF-8', - 'Cache-Control': 'private', - 'Content-disposition': 'attachment; filename=' + filename + '.md', - 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling - }) - res.send(body) -} - -function actionInfo (req, res, note) { - var body = note.content - var extracted = models.Note.extractMeta(body) - var markdown = extracted.markdown - var meta = models.Note.parseMeta(extracted.meta) - var createtime = note.createdAt - var updatetime = note.lastchangeAt - var title = models.Note.decodeTitle(note.title) - var data = { - title: meta.title || title, - description: meta.description || (markdown ? 
models.Note.generateDescription(markdown) : null), - viewcount: note.viewcount, - createtime: createtime, - updatetime: updatetime - } - res.set({ - 'Access-Control-Allow-Origin': '*', // allow CORS as API - 'Access-Control-Allow-Headers': 'Range', - 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range', - 'Cache-Control': 'private', // only cache by client - 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling - }) - res.send(data) -} - -function actionPDF (req, res, note) { - var url = config.serverURL || 'http://' + req.get('host') - var body = note.content - var extracted = models.Note.extractMeta(body) - var content = extracted.markdown - var title = models.Note.decodeTitle(note.title) - - if (!fs.existsSync(config.tmpPath)) { - fs.mkdirSync(config.tmpPath) - } - var path = config.tmpPath + '/' + Date.now() + '.pdf' - content = content.replace(/\]\(\//g, '](' + url + '/') - markdownpdf().from.string(content).to(path, function () { - if (!fs.existsSync(path)) { - logger.error('PDF seems to not be generated as expected. File doesn\'t exist: ' + path) - return response.errorInternalError(res) - } - var stream = fs.createReadStream(path) - var filename = title - // Be careful of special characters - filename = encodeURIComponent(filename) - // Ideally this should strip them - res.setHeader('Content-disposition', 'attachment; filename="' + filename + '.pdf"') - res.setHeader('Cache-Control', 'private') - res.setHeader('Content-Type', 'application/pdf; charset=UTF-8') - res.setHeader('X-Robots-Tag', 'noindex, nofollow') // prevent crawling - stream.pipe(res) - fs.unlinkSync(path) - }) -} - -function actionGist (req, res, note) { - var data = { - client_id: config.github.clientID, - redirect_uri: config.serverURL + '/auth/github/callback/' + models.Note.encodeNoteId(note.id) + '/gist', - scope: 'gist', - state: shortId.generate() - } - var query = querystring.stringify(data) - res.redirect('https://github.com/login/oauth/authorize?' 
+ query) -} - -function actionRevision (req, res, note) { - var actionId = req.params.actionId - if (actionId) { - var time = moment(parseInt(actionId)) - if (time.isValid()) { - models.Revision.getPatchedNoteRevisionByTime(note, time, function (err, content) { - if (err) { - logger.error(err) - return response.errorInternalError(res) - } - if (!content) { - return response.errorNotFound(res) - } - res.set({ - 'Access-Control-Allow-Origin': '*', // allow CORS as API - 'Access-Control-Allow-Headers': 'Range', - 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range', - 'Cache-Control': 'private', // only cache by client - 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling - }) - res.send(content) - }) - } else { - return response.errorNotFound(res) - } - } else { - models.Revision.getNoteRevisions(note, function (err, data) { - if (err) { - logger.error(err) - return response.errorInternalError(res) - } - var out = { - revision: data - } - res.set({ - 'Access-Control-Allow-Origin': '*', // allow CORS as API - 'Access-Control-Allow-Headers': 'Range', - 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range', - 'Cache-Control': 'private', // only cache by client - 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling - }) - res.send(out) - }) - } -} - -function noteActions (req, res, next) { - var noteId = req.params.noteId - findNote(req, res, function (note) { - var action = req.params.action - switch (action) { - case 'publish': - case 'pretty': // pretty deprecated - actionPublish(req, res, note) - break - case 'slide': - actionSlide(req, res, note) - break - case 'download': - actionDownload(req, res, note) - break - case 'info': - actionInfo(req, res, note) - break - case 'pdf': - if (config.allowPDFExport) { - actionPDF(req, res, note) - } else { - logger.error('PDF export failed: Disabled by config. Set "allowPDFExport: true" to enable. 
Check the documentation for details') - response.errorForbidden(res) - } - break - case 'gist': - actionGist(req, res, note) - break - case 'revision': - actionRevision(req, res, note) - break - default: - return res.redirect(config.serverURL + '/' + noteId) - } - }) -} - function publishNoteActions (req, res, next) { - findNote(req, res, function (note) { + noteUtil.findNote(req, res, function (note) { var action = req.params.action switch (action) { case 'download': - actionDownload(req, res, note) + noteActions.actionDownload(req, res, note) break case 'edit': res.redirect(config.serverURL + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)) + '?both') @@ -448,7 +172,7 @@ function publishNoteActions (req, res, next) { } function publishSlideActions (req, res, next) { - findNote(req, res, function (note) { + noteUtil.findNote(req, res, function (note) { var action = req.params.action switch (action) { case 'edit': @@ -463,7 +187,7 @@ function publishSlideActions (req, res, next) { function githubActions (req, res, next) { var noteId = req.params.noteId - findNote(req, res, function (note) { + noteUtil.findNote(req, res, function (note) { var action = req.params.action switch (action) { case 'gist': @@ -480,7 +204,7 @@ function githubActionGist (req, res, note) { var code = req.query.code var state = req.query.state if (!code || !state) { - return response.errorForbidden(res) + return errors.errorForbidden(res) } else { var data = { client_id: config.github.clientID, @@ -520,14 +244,14 @@ function githubActionGist (req, res, note) { res.setHeader('referer', '') res.redirect(body.html_url) } else { - return response.errorForbidden(res) + return errors.errorForbidden(res) } }) } else { - return response.errorForbidden(res) + return errors.errorForbidden(res) } } else { - return response.errorForbidden(res) + return errors.errorForbidden(res) } }) } 
@@ -535,7 +259,7 @@ function githubActionGist (req, res, note) { function gitlabActions (req, res, next) { var noteId = req.params.noteId - findNote(req, res, function (note) { + noteUtil.findNote(req, res, function (note) { var action = req.params.action switch (action) { case 'projects': @@ -555,7 +279,7 @@ function gitlabActionProjects (req, res, note) { id: req.user.id } }).then(function (user) { - if (!user) { return response.errorNotFound(res) } + if (!user) { return errors.errorNotFound(res) } var ret = { baseURL: config.gitlab.baseURL, version: config.gitlab.version } ret.accesstoken = user.accessToken ret.profileid = user.profileid @@ -572,10 +296,10 @@ function gitlabActionProjects (req, res, note) { ) }).catch(function (err) { logger.error('gitlab action projects failed: ' + err) - return response.errorInternalError(res) + return errors.errorInternalError(res) }) } else { - return response.errorForbidden(res) + return errors.errorForbidden(res) } } @@ -587,13 +311,13 @@ function showPublishSlide (req, res, next) { model: models.User, as: 'lastchangeuser' }] - findNote(req, res, function (note) { + noteUtil.findNote(req, res, function (note) { // force to use short id var shortid = req.params.shortid if ((note.alias && shortid !== note.alias) || (!note.alias && shortid !== note.shortid)) { return res.redirect(config.serverURL + '/p/' + (note.alias || note.shortid)) } note.increment('viewcount').then(function (note) { if (!note) { - return response.errorNotFound(res) + return errors.errorNotFound(res) } var body = note.content var extracted = models.Note.extractMeta(body) @@ -625,7 +349,7 @@ function showPublishSlide (req, res, next) { return renderPublishSlide(data, res) }).catch(function (err) { logger.error(err) - return response.errorInternalError(res) + return errors.errorInternalError(res) }) }, include) } diff --git a/lib/web/auth/email/index.js b/lib/web/auth/email/index.js index 32e214289..06560545d 100644 --- a/lib/web/auth/email/index.js 
+++ b/lib/web/auth/email/index.js @@ -9,7 +9,7 @@ const models = require('../../../models') const logger = require('../../../logger') const { setReturnToFromReferer } = require('../utils') const { urlencodedParser } = require('../../utils') -const response = require('../../../response') +const errors = require('../../../errors') let emailAuth = module.exports = Router() @@ -39,8 +39,8 @@ passport.use(new LocalStrategy({ if (config.allowEmailRegister) { emailAuth.post('/register', urlencodedParser, function (req, res, next) { - if (!req.body.email || !req.body.password) return response.errorBadRequest(res) - if (!validator.isEmail(req.body.email)) return response.errorBadRequest(res) + if (!req.body.email || !req.body.password) return errors.errorBadRequest(res) + if (!validator.isEmail(req.body.email)) return errors.errorBadRequest(res) models.User.findOrCreate({ where: { email: req.body.email @@ -63,14 +63,14 @@ if (config.allowEmailRegister) { return res.redirect(config.serverURL + '/') }).catch(function (err) { logger.error('auth callback failed: ' + err) - return response.errorInternalError(res) + return errors.errorInternalError(res) }) }) } emailAuth.post('/login', urlencodedParser, function (req, res, next) { - if (!req.body.email || !req.body.password) return response.errorBadRequest(res) - if (!validator.isEmail(req.body.email)) return response.errorBadRequest(res) + if (!req.body.email || !req.body.password) return errors.errorBadRequest(res) + if (!validator.isEmail(req.body.email)) return errors.errorBadRequest(res) setReturnToFromReferer(req) passport.authenticate('local', { successReturnToOrRedirect: config.serverURL + '/', diff --git a/lib/web/auth/ldap/index.js b/lib/web/auth/ldap/index.js index 961436646..28f3e471b 100644 --- a/lib/web/auth/ldap/index.js +++ b/lib/web/auth/ldap/index.js 
@@ -8,7 +8,7 @@ const models = require('../../../models') const logger = require('../../../logger') const { setReturnToFromReferer } = require('../utils') const { urlencodedParser } = require('../../utils') -const response = require('../../../response') +const errors = require('../../../errors') let ldapAuth = module.exports = Router() @@ -81,7 +81,7 @@ passport.use(new LDAPStrategy({ })) ldapAuth.post('/auth/ldap', urlencodedParser, function (req, res, next) { - if (!req.body.username || !req.body.password) return response.errorBadRequest(res) + if (!req.body.username || !req.body.password) return errors.errorBadRequest(res) setReturnToFromReferer(req) passport.authenticate('ldapauth', { successReturnToOrRedirect: config.serverURL + '/', diff --git a/lib/web/baseRouter.js b/lib/web/baseRouter.js index b918ce759..df5e2777b 100644 --- a/lib/web/baseRouter.js +++ b/lib/web/baseRouter.js @@ -6,17 +6,19 @@ const response = require('../response') const baseRouter = module.exports = Router() +const errors = require('../errors') + // get index baseRouter.get('/', response.showIndex) // get 403 forbidden baseRouter.get('/403', function (req, res) { - response.errorForbidden(res) + errors.errorForbidden(res) }) // get 404 not found baseRouter.get('/404', function (req, res) { - response.errorNotFound(res) + errors.errorNotFound(res) }) // get 500 internal error baseRouter.get('/500', function (req, res) { - response.errorInternalError(res) + errors.errorInternalError(res) }) diff --git a/lib/web/imageRouter/index.js b/lib/web/imageRouter/index.js index 0b59218b8..aa02e9b09 100644 --- a/lib/web/imageRouter/index.js +++ b/lib/web/imageRouter/index.js @@ -5,7 +5,7 @@ const formidable = require('formidable') const config = require('../../config') const logger = require('../../logger') -const response = require('../../response') +const errors = require('../../errors') const imageRouter = module.exports = Router() 
@@ -22,7 +22,7 @@ imageRouter.post('/uploadimage', function (req, res) { form.parse(req, function (err, fields, files) { if (err || !files.image || !files.image.path) { logger.error(`formidable error: ${err}`) - response.errorForbidden(res) + errors.errorForbidden(res) } else { logger.debug(`SERVER received uploadimage: ${JSON.stringify(files.image)}`) diff --git a/lib/web/middleware/checkURIValid.js b/lib/web/middleware/checkURIValid.js index 88065e79c..cd6dabd2f 100644 --- a/lib/web/middleware/checkURIValid.js +++ b/lib/web/middleware/checkURIValid.js @@ -1,14 +1,14 @@ 'use strict' const logger = require('../../logger') -const response = require('../../response') +const errors = require('../../errors') module.exports = function (req, res, next) { try { decodeURIComponent(req.path) } catch (err) { logger.error(err) - return response.errorBadRequest(res) + return errors.errorBadRequest(res) } next() } diff --git a/lib/web/middleware/tooBusy.js b/lib/web/middleware/tooBusy.js index 49efbe373..a2101975a 100644 --- a/lib/web/middleware/tooBusy.js +++ b/lib/web/middleware/tooBusy.js @@ -2,14 +2,14 @@ const toobusy = require('toobusy-js') -const response = require('../../response') +const errors = require('../../errors') const config = require('../../config') toobusy.maxLag(config.tooBusyLag) module.exports = function (req, res, next) { if (toobusy()) { - response.errorServiceUnavailable(res) + errors.errorServiceUnavailable(res) } else { next() } diff --git a/lib/web/note/actions.js b/lib/web/note/actions.js new file mode 100644 index 000000000..cfefc8d5a --- /dev/null +++ b/lib/web/note/actions.js 
@@ -0,0 +1,187 @@ +'use strict' + +const models = require('../../models') +const logger = require('../../logger') +const config = require('../../config') +const error = require('../../errors') +const fs = require('fs') +const shortId = require('shortid') +const markdownpdf = require('markdown-pdf') +const moment = require('moment') +const querystring = require('querystring') +const noteUtil = require('./util') + +exports.doAction = function (req, res, next) { + const noteId = req.params.noteId + noteUtil.findNote(req, res, function (note) { + const action = req.params.action + switch (action) { + case 'publish': + case 'pretty': // pretty deprecated + actionPublish(req, res, note) + break + case 'slide': + actionSlide(req, res, note) + break + case 'download': + exports.actionDownload(req, res, note) + break + case 'info': + actionInfo(req, res, note) + break + case 'pdf': + if (config.allowPDFExport) { + actionPDF(req, res, note) + } else { + logger.error('PDF export failed: Disabled by config. Set "allowPDFExport: true" to enable. 
Check the documentation for details') + error.errorForbidden(res) + } + break + case 'gist': + actionGist(req, res, note) + break + case 'revision': + actionRevision(req, res, note) + break + default: + return res.redirect(config.serverURL + '/' + noteId) + } + }) +} + +function actionPublish (req, res, note) { + res.redirect(config.serverURL + '/s/' + (note.alias || note.shortid)) +} + +function actionSlide (req, res, note) { + res.redirect(config.serverURL + '/p/' + (note.alias || note.shortid)) +} + +exports.actionDownload = function (req, res, note) { + const body = note.content + let filename = models.Note.decodeTitle(note.title) + filename = encodeURIComponent(filename) + res.set({ + 'Access-Control-Allow-Origin': '*', // allow CORS as API + 'Access-Control-Allow-Headers': 'Range', + 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range', + 'Content-Type': 'text/markdown; charset=UTF-8', + 'Cache-Control': 'private', + 'Content-disposition': 'attachment; filename=' + filename + '.md', + 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling + }) + res.send(body) +} + +function actionInfo (req, res, note) { + const body = note.content + const extracted = models.Note.extractMeta(body) + const markdown = extracted.markdown + const meta = models.Note.parseMeta(extracted.meta) + const createtime = note.createdAt + const updatetime = note.lastchangeAt + const title = models.Note.decodeTitle(note.title) + const data = { + title: meta.title || title, + description: meta.description || (markdown ? 
models.Note.generateDescription(markdown) : null), + viewcount: note.viewcount, + createtime: createtime, + updatetime: updatetime + } + res.set({ + 'Access-Control-Allow-Origin': '*', // allow CORS as API + 'Access-Control-Allow-Headers': 'Range', + 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range', + 'Cache-Control': 'private', // only cache by client + 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling + }) + res.send(data) +} + +function actionPDF (req, res, note) { + const url = config.serverURL || 'http://' + req.get('host') + const body = note.content + const extracted = models.Note.extractMeta(body) + let content = extracted.markdown + const title = models.Note.decodeTitle(note.title) + + if (!fs.existsSync(config.tmpPath)) { + fs.mkdirSync(config.tmpPath) + } + const path = config.tmpPath + '/' + Date.now() + '.pdf' + content = content.replace(/\]\(\//g, '](' + url + '/') + markdownpdf().from.string(content).to(path, function () { + if (!fs.existsSync(path)) { + logger.error('PDF seems to not be generated as expected. 
File doesn\'t exist: ' + path) + return error.errorInternalError(res) + } + const stream = fs.createReadStream(path) + let filename = title + // Be careful of special characters + filename = encodeURIComponent(filename) + // Ideally this should strip them + res.setHeader('Content-disposition', 'attachment; filename="' + filename + '.pdf"') + res.setHeader('Cache-Control', 'private') + res.setHeader('Content-Type', 'application/pdf; charset=UTF-8') + res.setHeader('X-Robots-Tag', 'noindex, nofollow') // prevent crawling + stream.pipe(res) + fs.unlinkSync(path) + }) +} + +function actionGist (req, res, note) { + const data = { + client_id: config.github.clientID, + redirect_uri: config.serverURL + '/auth/github/callback/' + models.Note.encodeNoteId(note.id) + '/gist', + scope: 'gist', + state: shortId.generate() + } + const query = querystring.stringify(data) + res.redirect('https://github.com/login/oauth/authorize?' + query) +} + +function actionRevision (req, res, note) { + const actionId = req.params.actionId + if (actionId) { + const time = moment(parseInt(actionId)) + if (time.isValid()) { + models.Revision.getPatchedNoteRevisionByTime(note, time, function (err, content) { + if (err) { + logger.error(err) + return error.errorInternalError(res) + } + if (!content) { + return error.errorNotFound(res) + } + res.set({ + 'Access-Control-Allow-Origin': '*', // allow CORS as API + 'Access-Control-Allow-Headers': 'Range', + 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range', + 'Cache-Control': 'private', // only cache by client + 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling + }) + res.send(content) + }) + } else { + return error.errorNotFound(res) + } + } else { + models.Revision.getNoteRevisions(note, function (err, data) { + if (err) { + logger.error(err) + return error.errorInternalError(res) + } + const out = { + revision: data + } + res.set({ + 'Access-Control-Allow-Origin': '*', // allow CORS as API + 
'Access-Control-Allow-Headers': 'Range', + 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range', + 'Cache-Control': 'private', // only cache by client + 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling + }) + res.send(out) + }) + } +} diff --git a/lib/web/note/router.js b/lib/web/note/router.js new file mode 100644 index 000000000..e23b7f64b --- /dev/null +++ b/lib/web/note/router.js @@ -0,0 +1,32 @@ +'use strict' + +const Router = require('express').Router + +const response = require('../../response') + +const { markdownParser } = require('../utils') + +const router = module.exports = Router() + +const noteActions = require('./actions') + +// get new note +router.get('/new', response.postNote) +// post new note with content +router.post('/new', markdownParser, response.postNote) +// post new note with content and alias +router.post('/new/:noteId', markdownParser, response.postNote) +// get publish note +router.get('/s/:shortid', response.showPublishNote) +// publish note actions +router.get('/s/:shortid/:action', response.publishNoteActions) +// get publish slide +router.get('/p/:shortid', response.showPublishSlide) +// publish slide actions +router.get('/p/:shortid/:action', response.publishSlideActions) +// get note by id +router.get('/:noteId', response.showNote) +// note actions +router.get('/:noteId/:action', noteActions.doAction) +// note actions with action id +router.get('/:noteId/:action/:actionId', noteActions.doAction) diff --git a/lib/web/note/util.js b/lib/web/note/util.js new file mode 100644 index 000000000..bda74ac44 --- /dev/null +++ b/lib/web/note/util.js 
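Review bot: In `actionPDF` the temporary file is named `config.tmpPath + '/' + Date.now() + '.pdf'`, so two exports that start in the same millisecond share one path, and a request can then stream a PDF rendered from a different note or find the file already removed. A random component avoids the collision, e.g. `const path = config.tmpPath + '/' + crypto.randomBytes(16).toString('hex') + '.pdf'` with `const crypto = require('crypto')` added to the requires. `fs.unlinkSync(path)` also runs immediately after `stream.pipe(res)`, possibly before the read stream has opened the file; moving the cleanup to `stream.on('close', () => fs.unlink(path, () => {}))` and adding an `'error'` handler on the stream would make that ordering explicit. Separately, `actionGist` sends `state: shortId.generate()` without storing it, and the `githubActionGist` context lines in lib/response.js only check that `state` is present, so as far as this patch shows the OAuth state is never compared with a value bound to the session.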
@@ -0,0 +1,67 @@ +const models = require('../../models') +const logger = require('../../logger') +const config = require('../../config') +const errors = require('../../errors') + +exports.findNote = function (req, res, callback, include) { + const id = req.params.noteId || req.params.shortid + models.Note.parseNoteId(id, function (err, _id) { + if (err) { + logger.error(err) + return errors.errorInternalError(res) + } + models.Note.findOne({ + where: { + id: _id + }, + include: include || null + }).then(function (note) { + if (!note) { + return exports.newNote(req, res, null) + } + if (!exports.checkViewPermission(req, note)) { + return errors.errorForbidden(res) + } else { + return callback(note) + } + }).catch(function (err) { + logger.error(err) + return errors.errorInternalError(res) + }) + }) +} + +exports.checkViewPermission = function (req, note) { + if (note.permission === 'private') { + return !(!req.isAuthenticated() || note.ownerId !== req.user.id) + } else if (note.permission === 'limited' || note.permission === 'protected') { + return req.isAuthenticated() + } else { + return true + } +} + +exports.newNote = function (req, res, body) { + let owner = null + const noteId = req.params.noteId ? req.params.noteId : null + if (req.isAuthenticated()) { + owner = req.user.id + } else if (!config.allowAnonymous) { + return errors.errorForbidden(res) + } + if (config.allowFreeURL && noteId && !config.forbiddenNoteIDs.includes(noteId)) { + req.alias = noteId + } else if (noteId) { + return req.method === 'POST' ? errors.errorForbidden(res) : errors.errorNotFound(res) + } + models.Note.create({ + ownerId: owner, + alias: req.alias ? req.alias : null, + content: body + }).then(function (note) { + return res.redirect(config.serverURL + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id))) + }).catch(function (err) { + logger.error(err) + return errors.errorInternalError(res) + }) +} 
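Review bot: The not-found branch of `findNote` calls `exports.newNote(req, res, null)`, so every caller of this now-shared helper performs a database write when the lookup misses. On the `/s/:shortid` and `/p/:shortid` routes `req.params.noteId` is unset, so `newNote` skips both alias branches and, if the requester is authenticated or `config.allowAnonymous` is set, appears to create an empty note in response to a plain GET. If that is intended, say so above `findNote`, for example `// a miss falls through to newNote(): may create a note (allowAnonymous/allowFreeURL) and redirect`. Otherwise read-only callers should get `errors.errorNotFound(res)` instead.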
diff --git a/lib/web/noteRouter.js b/lib/web/noteRouter.js deleted file mode 100644 index 58e93019a..000000000 --- a/lib/web/noteRouter.js +++ /dev/null @@ -1,30 +0,0 @@ -'use strict' - -const Router = require('express').Router - -const response = require('../response') - -const { markdownParser } = require('./utils') - -const noteRouter = module.exports = Router() - -// get new note -noteRouter.get('/new', response.postNote) -// post new note with content -noteRouter.post('/new', markdownParser, response.postNote) -// post new note with content and alias -noteRouter.post('/new/:noteId', markdownParser, response.postNote) -// get publish note -noteRouter.get('/s/:shortid', response.showPublishNote) -// publish note actions -noteRouter.get('/s/:shortid/:action', response.publishNoteActions) -// get publish slide -noteRouter.get('/p/:shortid', response.showPublishSlide) -// publish slide actions -noteRouter.get('/p/:shortid/:action', response.publishSlideActions) -// get note by id -noteRouter.get('/:noteId', response.showNote) -// note actions -noteRouter.get('/:noteId/:action', response.noteActions) -// note actions with action id -noteRouter.get('/:noteId/:action/:actionId', response.noteActions) diff --git a/lib/web/statusRouter.js b/lib/web/statusRouter.js index 1d9a11571..025aafd41 100644 --- a/lib/web/statusRouter.js +++ b/lib/web/statusRouter.js @@ -2,7 +2,7 @@ const Router = require('express').Router -const response = require('../response') +const errors = require('../errors') const realtime = require('../realtime') const config = require('../config') const models = require('../models') 
@@ -27,11 +27,11 @@ statusRouter.get('/status', function (req, res, next) { statusRouter.get('/temp', function (req, res) { var host = req.get('host') if (config.allowOrigin.indexOf(host) === -1) { - response.errorForbidden(res) + errors.errorForbidden(res) } else { var tempid = req.query.tempid if (!tempid) { - response.errorForbidden(res) + errors.errorForbidden(res) } else { models.Temp.findOne({ where: { @@ -39,7 +39,7 @@ statusRouter.get('/temp', function (req, res) { } }).then(function (temp) { if (!temp) { - response.errorNotFound(res) + errors.errorNotFound(res) } else { res.header('Access-Control-Allow-Origin', '*') res.send({ @@ -53,7 +53,7 @@ statusRouter.get('/temp', function (req, res) { } }).catch(function (err) { logger.error(err) - return response.errorInternalError(res) + return errors.errorInternalError(res) }) } } @@ -62,11 +62,11 @@ statusRouter.get('/temp', function (req, res) { statusRouter.post('/temp', urlencodedParser, function (req, res) { var host = req.get('host') if (config.allowOrigin.indexOf(host) === -1) { - response.errorForbidden(res) + errors.errorForbidden(res) } else { var data = req.body.data if (!data) { - response.errorForbidden(res) + errors.errorForbidden(res) } else { logger.debug(`SERVER received temp from [${host}]: ${req.body.data}`) models.Temp.create({ @@ -79,11 +79,11 @@ statusRouter.post('/temp', urlencodedParser, function (req, res) { id: temp.id }) } else { - response.errorInternalError(res) + errors.errorInternalError(res) } }).catch(function (err) { logger.error(err) - return response.errorInternalError(res) + return errors.errorInternalError(res) }) } } diff --git a/lib/web/userRouter.js b/lib/web/userRouter.js index 73b519ec8..f1f999f15 100644 --- a/lib/web/userRouter.js +++ b/lib/web/userRouter.js 
@@ -4,7 +4,7 @@ const archiver = require('archiver') const async = require('async') const Router = require('express').Router -const response = require('../response') +const errors = require('../errors') const config = require('../config') const models = require('../models') const logger = require('../logger') @@ -20,7 +20,7 @@ UserRouter.get('/me', function (req, res) { id: req.user.id } }).then(function (user) { - if (!user) { return response.errorNotFound(res) } + if (!user) { return errors.errorNotFound(res) } var profile = models.User.getProfile(user) res.send({ status: 'ok', @@ -30,7 +30,7 @@ UserRouter.get('/me', function (req, res) { }) }).catch(function (err) { logger.error('read me failed: ' + err) - return response.errorInternalError(res) + return errors.errorInternalError(res) }) } else { res.send({ @@ -48,21 +48,21 @@ UserRouter.get('/me/delete/:token?', function (req, res) { } }).then(function (user) { if (!user) { - return response.errorNotFound(res) + return errors.errorNotFound(res) } if (user.deleteToken === req.params.token) { user.destroy().then(function () { res.redirect(config.serverURL + '/') }) } else { - return response.errorForbidden(res) + return errors.errorForbidden(res) } }).catch(function (err) { logger.error('delete user failed: ' + err) - return response.errorInternalError(res) + return errors.errorInternalError(res) }) } else { - return response.errorForbidden(res) + return errors.errorForbidden(res) } }) @@ -78,7 +78,7 @@ UserRouter.get('/me/export', function (req, res) { archive.pipe(res) archive.on('error', function (err) { logger.error('export user data failed: ' + err) - return response.errorInternalError(res) + return errors.errorInternalError(res) }) models.User.findOne({ where: { @@ -107,7 +107,7 @@ UserRouter.get('/me/export', function (req, res) { callback(null, null) }, function (err) { if (err) { - return response.errorInternalError(res) + return errors.errorInternalError(res) } archive.finalize() 
@@ -115,10 +115,10 @@ UserRouter.get('/me/export', function (req, res) { }) }).catch(function (err) { logger.error('export user data failed: ' + err) - return response.errorInternalError(res) + return errors.errorInternalError(res) }) } else { - return response.errorForbidden(res) + return errors.errorForbidden(res) } }) From 9d938c334a5a058e243327c65e15fd6fc56c9403 Mon Sep 17 00:00:00 2001 From: David Mehren Date: Sun, 27 Oct 2019 14:19:46 +0100 Subject: [PATCH 02/11] Fix errors constant in note/actions.js Signed-off-by: David Mehren --- lib/web/note/actions.js | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/web/note/actions.js b/lib/web/note/actions.js index cfefc8d5a..a124277a3 100644 --- a/lib/web/note/actions.js +++ b/lib/web/note/actions.js @@ -3,7 +3,7 @@ const models = require('../../models') const logger = require('../../logger') const config = require('../../config') -const error = require('../../errors') +const errors = require('../../errors') const fs = require('fs') const shortId = require('shortid') const markdownpdf = require('markdown-pdf') @@ -34,7 +34,7 @@ exports.doAction = function (req, res, next) { actionPDF(req, res, note) } else { logger.error('PDF export failed: Disabled by config. Set "allowPDFExport: true" to enable. Check the documentation for details') - error.errorForbidden(res) + errors.errorForbidden(res) } break case 'gist': @@ -113,7 +113,7 @@ function actionPDF (req, res, note) { markdownpdf().from.string(content).to(path, function () { if (!fs.existsSync(path)) { logger.error('PDF seems to not be generated as expected. File doesn\'t exist: ' + path) - return error.errorInternalError(res) + return errors.errorInternalError(res) } const stream = fs.createReadStream(path) let filename = title 
@@ -148,10 +148,10 @@ function actionRevision (req, res, note) { models.Revision.getPatchedNoteRevisionByTime(note, time, function (err, content) { if (err) { logger.error(err) - return error.errorInternalError(res) + return errors.errorInternalError(res) } if (!content) { - return error.errorNotFound(res) + return errors.errorNotFound(res) } res.set({ 'Access-Control-Allow-Origin': '*', // allow CORS as API @@ -163,13 +163,13 @@ function actionRevision (req, res, note) { res.send(content) }) } else { - return error.errorNotFound(res) + return errors.errorNotFound(res) } } else { models.Revision.getNoteRevisions(note, function (err, data) { if (err) { logger.error(err) - return error.errorInternalError(res) + return errors.errorInternalError(res) } const out = { revision: data From afb317b55155eed2cfcad0fee5aba2107dc0b106 Mon Sep 17 00:00:00 2001 From: David Mehren Date: Sun, 27 Oct 2019 14:27:15 +0100 Subject: [PATCH 03/11] Move slide actions to own file Signed-off-by: David Mehren --- lib/response.js | 75 +------------------------------------- lib/utils.js | 9 ----- lib/web/note/router.js | 5 ++- lib/web/note/slide.js | 83 ++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 87 insertions(+), 85 deletions(-) create mode 100644 lib/web/note/slide.js diff --git a/lib/response.js b/lib/response.js index 033a83a69..934179fdb 100644 --- a/lib/response.js +++ b/lib/response.js @@ -8,7 +8,6 @@ var request = require('request') var config = require('./config') var logger = require('./logger') var models = require('./models') -var utils = require('./utils') const noteUtil = require('./web/note/util') const noteActions = require('./web/note/actions') const errors = require('./errors') 
@@ -17,11 +16,9 @@ const errors = require('./errors') var response = { showNote: showNote, showPublishNote: showPublishNote, - showPublishSlide: showPublishSlide, showIndex: showIndex, postNote: postNote, publishNoteActions: publishNoteActions, - publishSlideActions: publishSlideActions, githubActions: githubActions, gitlabActions: gitlabActions } @@ -171,19 +168,7 @@ function publishNoteActions (req, res, next) { }) } -function publishSlideActions (req, res, next) { - noteUtil.findNote(req, res, function (note) { - var action = req.params.action - switch (action) { - case 'edit': - res.redirect(config.serverURL + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)) + '?both') - break - default: - res.redirect(config.serverURL + '/p/' + note.shortid) - break - } - }) -} + function githubActions (req, res, next) { var noteId = req.params.noteId 
@@ -303,62 +288,4 @@ function gitlabActionProjects (req, res, note) { } } -function showPublishSlide (req, res, next) { - var include = [{ - model: models.User, - as: 'owner' - }, { - model: models.User, - as: 'lastchangeuser' - }] - noteUtil.findNote(req, res, function (note) { - // force to use short id - var shortid = req.params.shortid - if ((note.alias && shortid !== note.alias) || (!note.alias && shortid !== note.shortid)) { return res.redirect(config.serverURL + '/p/' + (note.alias || note.shortid)) } - note.increment('viewcount').then(function (note) { - if (!note) { - return errors.errorNotFound(res) - } - var body = note.content - var extracted = models.Note.extractMeta(body) - var markdown = extracted.markdown - var meta = models.Note.parseMeta(extracted.meta) - var createtime = note.createdAt - var updatetime = note.lastchangeAt - var title = models.Note.decodeTitle(note.title) - title = models.Note.generateWebTitle(meta.title || title) - var data = { - title: title, - description: meta.description || (markdown ? models.Note.generateDescription(markdown) : null), - viewcount: note.viewcount, - createtime: createtime, - updatetime: updatetime, - body: markdown, - theme: meta.slideOptions && utils.isRevealTheme(meta.slideOptions.theme), - meta: JSON.stringify(extracted.meta), - owner: note.owner ? note.owner.id : null, - ownerprofile: note.owner ? models.User.getProfile(note.owner) : null, - lastchangeuser: note.lastchangeuser ? note.lastchangeuser.id : null, - lastchangeuserprofile: note.lastchangeuser ? 
models.User.getProfile(note.lastchangeuser) : null, - robots: meta.robots || false, // default allow robots - GA: meta.GA, - disqus: meta.disqus, - cspNonce: res.locals.nonce, - dnt: req.headers.dnt - } - return renderPublishSlide(data, res) - }).catch(function (err) { - logger.error(err) - return errors.errorInternalError(res) - }) - }, include) -} - -function renderPublishSlide (data, res) { - res.set({ - 'Cache-Control': 'private' // only cache by client - }) - res.render('slide.ejs', data) -} - module.exports = response diff --git a/lib/utils.js b/lib/utils.js index 1725f6e88..270cbd6a2 100644 --- a/lib/utils.js +++ b/lib/utils.js @@ -1,6 +1,4 @@ 'use strict' -const fs = require('fs') -const path = require('path') exports.isSQLite = function isSQLite (sequelize) { return sequelize.options.dialect === 'sqlite' @@ -27,10 +25,3 @@ exports.getImageMimeType = function getImageMimeType (imagePath) { return undefined } } - -exports.isRevealTheme = function isRevealTheme (theme) { - if (fs.existsSync(path.join(__dirname, '..', 'public', 'build', 'reveal.js', 'css', 'theme', theme + '.css'))) { - return theme - } - return undefined -} diff --git a/lib/web/note/router.js b/lib/web/note/router.js index e23b7f64b..2a6bf2aa7 100644 --- a/lib/web/note/router.js +++ b/lib/web/note/router.js @@ -9,6 +9,7 @@ const { markdownParser } = require('../utils') const router = module.exports = Router() const noteActions = require('./actions') +const slide = require('./slide') // get new note router.get('/new', response.postNote) 
@@ -21,9 +22,9 @@ router.get('/s/:shortid', response.showPublishNote) // publish note actions router.get('/s/:shortid/:action', response.publishNoteActions) // get publish slide -router.get('/p/:shortid', response.showPublishSlide) +router.get('/p/:shortid', slide.showPublishSlide) // publish slide actions -router.get('/p/:shortid/:action', response.publishSlideActions) +router.get('/p/:shortid/:action', slide.publishSlideActions) // get note by id router.get('/:noteId', response.showNote) // note actions diff --git a/lib/web/note/slide.js b/lib/web/note/slide.js new file mode 100644 index 000000000..58e461021 --- /dev/null +++ b/lib/web/note/slide.js 
@@ -0,0 +1,83 @@ +const noteUtil = require('./util') +const models = require('../../models') +const errors = require('../../errors') +const logger = require('../../logger') +const config = require('../../config') +const fs = require('fs') +const path = require('path') + +exports.publishSlideActions = function (req, res, next) { + noteUtil.findNote(req, res, function (note) { + const action = req.params.action + if (action === 'edit') { + res.redirect(config.serverURL + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)) + '?both') + } else { res.redirect(config.serverURL + '/p/' + note.shortid) } + }) +} + +exports.showPublishSlide = function (req, res, next) { + const include = [{ + model: models.User, + as: 'owner' + }, { + model: models.User, + as: 'lastchangeuser' + }] + noteUtil.findNote(req, res, function (note) { + // force to use short id + const shortid = req.params.shortid + if ((note.alias && shortid !== note.alias) || (!note.alias && shortid !== note.shortid)) { + return res.redirect(config.serverURL + '/p/' + (note.alias || note.shortid)) + } + note.increment('viewcount').then(function (note) { + if (!note) { + return errors.errorNotFound(res) + } + const body = note.content + const extracted = models.Note.extractMeta(body) + const markdown = extracted.markdown + const meta = models.Note.parseMeta(extracted.meta) + const createtime = note.createdAt + const updatetime = note.lastchangeAt + let title = models.Note.decodeTitle(note.title) + title = models.Note.generateWebTitle(meta.title || title) + const data = { + title: title, + description: meta.description || (markdown ? models.Note.generateDescription(markdown) : null), + viewcount: note.viewcount, + createtime: createtime, + updatetime: updatetime, + body: markdown, + theme: meta.slideOptions && isRevealTheme(meta.slideOptions.theme), + meta: JSON.stringify(extracted.meta), + owner: note.owner ? note.owner.id : null, + ownerprofile: note.owner ? 
models.User.getProfile(note.owner) : null, + lastchangeuser: note.lastchangeuser ? note.lastchangeuser.id : null, + lastchangeuserprofile: note.lastchangeuser ? models.User.getProfile(note.lastchangeuser) : null, + robots: meta.robots || false, // default allow robots + GA: meta.GA, + disqus: meta.disqus, + cspNonce: res.locals.nonce, + dnt: req.headers.dnt + } + return renderPublishSlide(data, res) + }).catch(function (err) { + logger.error(err) + return errors.errorInternalError(res) + }) + }, include) +} + +function renderPublishSlide (data, res) { + res.set({ + 'Cache-Control': 'private' // only cache by client + }) + res.render('slide.ejs', data) +} + +function isRevealTheme (theme) { + if (fs.existsSync(path.join(__dirname, '..', 'public', 'build', 'reveal.js', 'css', 'theme', theme + '.css'))) { + return theme + } + return undefined +} From 30487f7c01dc15435d86d95d24257853d7930154 Mon Sep 17 00:00:00 2001 From: David Mehren Date: Sun, 27 Oct 2019 14:40:36 +0100 Subject: [PATCH 04/11] Rename actions.js to controller.js and rename functions to be more descriptive Move postNote to NoteController and rename to createFromPost Signed-off-by: David Mehren --- lib/response.js | 16 ++------- lib/web/note/{actions.js => controller.js} | 39 ++++++++++++++-------- lib/web/note/router.js | 12 +++---- 3 files changed, 33 insertions(+), 34 deletions(-) rename lib/web/note/{actions.js => controller.js} (87%) diff --git a/lib/response.js b/lib/response.js index 934179fdb..20612b685 100644 --- a/lib/response.js +++ b/lib/response.js @@ -9,7 +9,7 @@ var config = require('./config') var logger = require('./logger') var models = require('./models') const noteUtil = require('./web/note/util') -const noteActions = require('./web/note/actions') +const noteController = require('./web/note/controller') const errors = require('./errors') // public 
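Review bot: `isRevealTheme` was moved from `lib/utils.js` into `lib/web/note/slide.js` with its `path.join(__dirname, '..', 'public', ...)` unchanged, so it now resolves under `lib/web/public` instead of the directory the old location pointed at. Assuming `public/` sits at the repository root, as the removed version implies, `fs.existsSync` will always be false and every slide loses its theme. The join needs two more levels: `path.join(__dirname, '..', '..', '..', 'public', 'build', 'reveal.js', 'css', 'theme', theme + '.css')`. Since `theme` comes from note metadata (`meta.slideOptions.theme`) and is concatenated into a filesystem path, check it against a plain-name pattern such as `/^[\w-]+$/` before the existence test.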
@@ -17,7 +17,6 @@ var response = { showNote: showNote, showPublishNote: showPublishNote, showIndex: showIndex, - postNote: postNote, publishNoteActions: publishNoteActions, githubActions: githubActions, gitlabActions: gitlabActions @@ -70,17 +69,6 @@ function responseCodiMD (res, note) { }) } -function postNote (req, res, next) { - var body = '' - if (req.body && req.body.length > config.documentMaxLength) { - return errors.errorTooLong(res) - } else if (req.body) { - body = req.body - } - body = body.replace(/[\r]/g, '') - return noteUtil.newNote(req, res, body) -} - function showNote (req, res, next) { noteUtil.findNote(req, res, function (note) { // force to use note id @@ -156,7 +144,7 @@ function publishNoteActions (req, res, next) { var action = req.params.action switch (action) { case 'download': - noteActions.actionDownload(req, res, note) + noteController.downloadMarkdown(req, res, note) break case 'edit': res.redirect(config.serverURL + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)) + '?both') diff --git a/lib/web/note/actions.js b/lib/web/note/controller.js similarity index 87% rename from lib/web/note/actions.js rename to lib/web/note/controller.js index a124277a3..c89cc5de8 100644 --- a/lib/web/note/actions.js +++ b/lib/web/note/controller.js @@ -11,6 +11,17 @@ const moment = require('moment') const querystring = require('querystring') const noteUtil = require('./util') +exports.createFromPOST = function (req, res, next) { + let body = '' + if (req.body && req.body.length > config.documentMaxLength) { + return errors.errorTooLong(res) + } else if (req.body) { + body = req.body + } + body = body.replace(/[\r]/g, '') + return noteUtil.newNote(req, res, body) +} + exports.doAction = function (req, res, next) { const noteId = req.params.noteId noteUtil.findNote(req, res, function (note) { 
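Review bot: `createFromPOST` calls `body.replace(...)` on whatever `req.body` holds, and the only checks before it are truthiness and `.length`. If another body parser leaves a non-string value there (the `markdownParser` middleware is not visible in this hunk), the handler throws a TypeError and the `documentMaxLength` limit is not applied meaningfully. Narrowing the branch to `} else if (typeof req.body === 'string') {` and rejecting other types with `errors.errorBadRequest(res)` would make the input contract explicit. The router hunk in this same patch also registers the function on `GET /new`, so the name is misleading and note creation stays reachable through a GET request.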
@@ -18,30 +29,30 @@ exports.doAction = function (req, res, next) { switch (action) { case 'publish': case 'pretty': // pretty deprecated - actionPublish(req, res, note) + publish(req, res, note) break case 'slide': - actionSlide(req, res, note) + slide(req, res, note) break case 'download': - exports.actionDownload(req, res, note) + exports.downloadMarkdown(req, res, note) break case 'info': - actionInfo(req, res, note) + getInfo(req, res, note) break case 'pdf': if (config.allowPDFExport) { - actionPDF(req, res, note) + createPDF(req, res, note) } else { logger.error('PDF export failed: Disabled by config. Set "allowPDFExport: true" to enable. Check the documentation for details') errors.errorForbidden(res) } break case 'gist': - actionGist(req, res, note) + createGist(req, res, note) break case 'revision': - actionRevision(req, res, note) + getRevision(req, res, note) break default: return res.redirect(config.serverURL + '/' + noteId) @@ -49,15 +60,15 @@ exports.doAction = function (req, res, next) { }) } -function actionPublish (req, res, note) { +function publish (req, res, note) { res.redirect(config.serverURL + '/s/' + (note.alias || note.shortid)) } -function actionSlide (req, res, note) { +function slide (req, res, note) { res.redirect(config.serverURL + '/p/' + (note.alias || note.shortid)) } -exports.actionDownload = function (req, res, note) { +exports.downloadMarkdown = function (req, res, note) { const body = note.content let filename = models.Note.decodeTitle(note.title) filename = encodeURIComponent(filename) @@ -73,7 +84,7 @@ exports.actionDownload = function (req, res, note) { res.send(body) } -function actionInfo (req, res, note) { +function getInfo (req, res, note) { const body = note.content const extracted = models.Note.extractMeta(body) const markdown = extracted.markdown 
@@ -98,7 +109,7 @@ function actionInfo (req, res, note) { res.send(data) } -function actionPDF (req, res, note) { +function createPDF (req, res, note) { const url = config.serverURL || 'http://' + req.get('host') const body = note.content const extracted = models.Note.extractMeta(body) @@ -129,7 +140,7 @@ function actionPDF (req, res, note) { }) } -function actionGist (req, res, note) { +function createGist (req, res, note) { const data = { client_id: config.github.clientID, redirect_uri: config.serverURL + '/auth/github/callback/' + models.Note.encodeNoteId(note.id) + '/gist', @@ -140,7 +151,7 @@ function actionGist (req, res, note) { res.redirect('https://github.com/login/oauth/authorize?' + query) } -function actionRevision (req, res, note) { +function getRevision (req, res, note) { const actionId = req.params.actionId if (actionId) { const time = moment(parseInt(actionId)) diff --git a/lib/web/note/router.js b/lib/web/note/router.js index 2a6bf2aa7..39da4c2c3 100644 --- a/lib/web/note/router.js +++ b/lib/web/note/router.js @@ -8,15 +8,15 @@ const { markdownParser } = require('../utils') const router = module.exports = Router() -const noteActions = require('./actions') +const noteController = require('./controller') const slide = require('./slide') // get new note -router.get('/new', response.postNote) +router.get('/new', noteController.createFromPOST) // post new note with content -router.post('/new', markdownParser, response.postNote) +router.post('/new', markdownParser, noteController.createFromPOST) // post new note with content and alias -router.post('/new/:noteId', markdownParser, response.postNote) +router.post('/new/:noteId', markdownParser, noteController.createFromPOST) // get publish note router.get('/s/:shortid', response.showPublishNote) // publish note actions 
@@ -28,6 +28,6 @@ router.get('/p/:shortid/:action', slide.publishSlideActions) // get note by id router.get('/:noteId', response.showNote) // note actions -router.get('/:noteId/:action', noteActions.doAction) +router.get('/:noteId/:action', noteController.doAction) // note actions with action id -router.get('/:noteId/:action/:actionId', noteActions.doAction) +router.get('/:noteId/:action/:actionId', noteController.doAction) From 181d5646cfbde303cf3335c5dea51232d874b0f1 Mon Sep 17 00:00:00 2001 From: David Mehren Date: Sun, 27 Oct 2019 14:57:45 +0100 Subject: [PATCH 05/11] Move note actions into their own file Signed-off-by: David Mehren --- lib/web/note/actions.js | 123 +++++++++++++++++++++++++++++++++++++ lib/web/note/controller.js | 17 +++-- 2 files changed, 131 insertions(+), 9 deletions(-) create mode 100644 lib/web/note/actions.js diff --git a/lib/web/note/actions.js b/lib/web/note/actions.js new file mode 100644 index 000000000..a97eebb68 --- /dev/null +++ b/lib/web/note/actions.js 
@@ -0,0 +1,123 @@ +const models = require('../../models') +const logger = require('../../logger') +const config = require('../../config') +const errors = require('../../errors') +const fs = require('fs') +const shortId = require('shortid') +const markdownpdf = require('markdown-pdf') +const moment = require('moment') +const querystring = require('querystring') + + +exports.getInfo = function getInfo (req, res, note) { + const body = note.content + const extracted = models.Note.extractMeta(body) + const markdown = extracted.markdown + const meta = models.Note.parseMeta(extracted.meta) + const createtime = note.createdAt + const updatetime = note.lastchangeAt + const title = models.Note.decodeTitle(note.title) + const data = { + title: meta.title || title, + description: meta.description || (markdown ? models.Note.generateDescription(markdown) : null), + viewcount: note.viewcount, + createtime: createtime, + updatetime: updatetime + } + res.set({ + 'Access-Control-Allow-Origin': '*', // allow CORS as API + 'Access-Control-Allow-Headers': 'Range', + 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range', + 'Cache-Control': 'private', // only cache by client + 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling + }) + res.send(data) +} + +exports.createPDF = function createPDF (req, res, note) { + const url = config.serverURL || 'http://' + req.get('host') + const body = note.content + const extracted = models.Note.extractMeta(body) + let content = extracted.markdown + const title = models.Note.decodeTitle(note.title) + + if (!fs.existsSync(config.tmpPath)) { + fs.mkdirSync(config.tmpPath) + } + const path = config.tmpPath + '/' + Date.now() + '.pdf' + content = content.replace(/\]\(\//g, '](' + url + '/') + markdownpdf().from.string(content).to(path, function () { + if (!fs.existsSync(path)) { + logger.error('PDF seems to not be generated as expected. 
File doesn\'t exist: ' + path) + return errors.errorInternalError(res) + } + const stream = fs.createReadStream(path) + let filename = title + // Be careful of special characters + filename = encodeURIComponent(filename) + // Ideally this should strip them + res.setHeader('Content-disposition', 'attachment; filename="' + filename + '.pdf"') + res.setHeader('Cache-Control', 'private') + res.setHeader('Content-Type', 'application/pdf; charset=UTF-8') + res.setHeader('X-Robots-Tag', 'noindex, nofollow') // prevent crawling + stream.pipe(res) + fs.unlinkSync(path) + }) +} + +exports.createGist = function createGist (req, res, note) { + const data = { + client_id: config.github.clientID, + redirect_uri: config.serverURL + '/auth/github/callback/' + models.Note.encodeNoteId(note.id) + '/gist', + scope: 'gist', + state: shortId.generate() + } + const query = querystring.stringify(data) + res.redirect('https://github.com/login/oauth/authorize?' + query) +} + +exports.getRevision = function getRevision (req, res, note) { + const actionId = req.params.actionId + if (actionId) { + const time = moment(parseInt(actionId)) + if (time.isValid()) { + models.Revision.getPatchedNoteRevisionByTime(note, time, function (err, content) { + if (err) { + logger.error(err) + return errors.errorInternalError(res) + } + if (!content) { + return errors.errorNotFound(res) + } + res.set({ + 'Access-Control-Allow-Origin': '*', // allow CORS as API + 'Access-Control-Allow-Headers': 'Range', + 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range', + 'Cache-Control': 'private', // only cache by client + 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling + }) + res.send(content) + }) + } else { + return errors.errorNotFound(res) + } + } else { + models.Revision.getNoteRevisions(note, function (err, data) { + if (err) { + logger.error(err) + return errors.errorInternalError(res) + } + const out = { + revision: data + } + res.set({ + 'Access-Control-Allow-Origin': '*', 
// allow CORS as API + 'Access-Control-Allow-Headers': 'Range', + 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range', + 'Cache-Control': 'private', // only cache by client + 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling + }) + res.send(out) + }) + } +} diff --git a/lib/web/note/controller.js b/lib/web/note/controller.js index c89cc5de8..d6bbe0e79 100644 --- a/lib/web/note/controller.js +++ b/lib/web/note/controller.js @@ -4,12 +4,11 @@ const models = require('../../models') const logger = require('../../logger') const config = require('../../config') const errors = require('../../errors') -const fs = require('fs') -const shortId = require('shortid') -const markdownpdf = require('markdown-pdf') -const moment = require('moment') -const querystring = require('querystring') + const noteUtil = require('./util') +const noteActions = require('./actions') + + exports.createFromPOST = function (req, res, next) { let body = '' @@ -38,21 +37,21 @@ exports.doAction = function (req, res, next) { exports.downloadMarkdown(req, res, note) break case 'info': - getInfo(req, res, note) + noteActions.getInfo(req, res, note) break case 'pdf': if (config.allowPDFExport) { - createPDF(req, res, note) + noteActions.createPDF(req, res, note) } else { logger.error('PDF export failed: Disabled by config. Set "allowPDFExport: true" to enable. Check the documentation for details') errors.errorForbidden(res) } break case 'gist': - createGist(req, res, note) + noteActions.createGist(req, res, note) break case 'revision': - getRevision(req, res, note) + noteActions.getRevision(req, res, note) break default: return res.redirect(config.serverURL + '/' + noteId) From dee62ce571cc3e33f60499e3ed9cfa4cc5c2f0da Mon Sep 17 00:00:00 2001 From: David Mehren Date: Sun, 27 Oct 2019 14:59:44 +0100 Subject: [PATCH 06/11] Move showNote to note controller 
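Review bot: `createPDF` names its temporary file `config.tmpPath + '/' + Date.now() + '.pdf'` and deletes it with `fs.unlinkSync(path)` immediately after `stream.pipe(res)`. Two exports started in the same millisecond share one path, so one response can end up carrying another note's PDF. The synchronous unlink can also run before the read stream has opened the file, and the stream has no `error` handler. I would add a unique component to the file name and move the cleanup to the stream's `close` event, as sketched below.

```javascript
// … unchanged: metadata extraction and tmpPath creation …
const path = config.tmpPath + '/' + Date.now() + '-' + shortId.generate() + '.pdf'
// … unchanged: link rewriting, markdownpdf call and existence check …
    const stream = fs.createReadStream(path)
    // … unchanged: response headers …
    stream.on('error', function (err) {
      logger.error(err)
      if (!res.headersSent) {
        errors.errorInternalError(res)
      }
    })
    stream.on('close', function () {
      // remove the temporary file only once the stream is done with it
      fs.unlink(path, function (err) {
        if (err) {
          logger.error(err)
        }
      })
    })
    stream.pipe(res)
```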
Signed-off-by: David Mehren --- lib/response.js | 28 --------- lib/web/note/controller.js | 122 ++++++------------------------------- lib/web/note/router.js | 2 +- 3 files changed, 19 insertions(+), 133 deletions(-) diff --git a/lib/response.js b/lib/response.js index 20612b685..8b027c12a 100644 --- a/lib/response.js +++ b/lib/response.js @@ -14,7 +14,6 @@ const errors = require('./errors') // public var response = { - showNote: showNote, showPublishNote: showPublishNote, showIndex: showIndex, publishNoteActions: publishNoteActions, @@ -52,33 +51,6 @@ function showIndex (req, res, next) { } } -function responseCodiMD (res, note) { - var body = note.content - var extracted = models.Note.extractMeta(body) - var meta = models.Note.parseMeta(extracted.meta) - var title = models.Note.decodeTitle(note.title) - title = models.Note.generateWebTitle(meta.title || title) - var opengraph = models.Note.parseOpengraph(meta, title) - res.set({ - 'Cache-Control': 'private', // only cache by client - 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling - }) - res.render('codimd.ejs', { - title: title, - opengraph: opengraph - }) -} - -function showNote (req, res, next) { - noteUtil.findNote(req, res, function (note) { - // force to use note id - var noteId = req.params.noteId - var id = models.Note.encodeNoteId(note.id) - if ((note.alias && noteId !== note.alias) || (!note.alias && noteId !== id)) { return res.redirect(config.serverURL + '/' + (note.alias || id)) } - return responseCodiMD(res, note) - }) -} - function showPublishNote (req, res, next) { var include = [{ model: models.User, diff --git a/lib/web/note/controller.js b/lib/web/note/controller.js index d6bbe0e79..726d35770 100644 --- a/lib/web/note/controller.js +++ b/lib/web/note/controller.js 
@@ -8,7 +8,17 @@ const errors = require('../../errors') const noteUtil = require('./util') const noteActions = require('./actions') - +exports.showNote = function (req, res, next) { + noteUtil.findNote(req, res, function (note) { + // force to use note id + const noteId = req.params.noteId + const id = models.Note.encodeNoteId(note.id) + if ((note.alias && noteId !== note.alias) || (!note.alias && noteId !== id)) { + return res.redirect(config.serverURL + '/' + (note.alias || id)) + } + return responseCodiMD(res, note) + }) +} exports.createFromPOST = function (req, res, next) { let body = '' 
@@ -83,115 +93,19 @@ exports.downloadMarkdown = function (req, res, note) { res.send(body) } -function getInfo (req, res, note) { +function responseCodiMD (res, note) { const body = note.content const extracted = models.Note.extractMeta(body) - const markdown = extracted.markdown const meta = models.Note.parseMeta(extracted.meta) - const createtime = note.createdAt - const updatetime = note.lastchangeAt - const title = models.Note.decodeTitle(note.title) - const data = { - title: meta.title || title, - description: meta.description || (markdown ? models.Note.generateDescription(markdown) : null), - viewcount: note.viewcount, - createtime: createtime, - updatetime: updatetime - } + let title = models.Note.decodeTitle(note.title) + title = models.Note.generateWebTitle(meta.title || title) + const opengraph = models.Note.parseOpengraph(meta, title) res.set({ - 'Access-Control-Allow-Origin': '*', // allow CORS as API - 'Access-Control-Allow-Headers': 'Range', - 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range', 'Cache-Control': 'private', // only cache by client 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling }) - res.send(data) -} - -function createPDF (req, res, note) { - const url = config.serverURL || 'http://' + req.get('host') - const body = note.content - const extracted = models.Note.extractMeta(body) - let content = extracted.markdown - const title = models.Note.decodeTitle(note.title) - - if (!fs.existsSync(config.tmpPath)) { - fs.mkdirSync(config.tmpPath) - } - const path = config.tmpPath + '/' + Date.now() + '.pdf' - content = content.replace(/\]\(\//g, '](' + url + '/') - markdownpdf().from.string(content).to(path, function () { - if (!fs.existsSync(path)) { - logger.error('PDF seems to not be generated as expected. 
File doesn\'t exist: ' + path) - return errors.errorInternalError(res) - } - const stream = fs.createReadStream(path) - let filename = title - // Be careful of special characters - filename = encodeURIComponent(filename) - // Ideally this should strip them - res.setHeader('Content-disposition', 'attachment; filename="' + filename + '.pdf"') - res.setHeader('Cache-Control', 'private') - res.setHeader('Content-Type', 'application/pdf; charset=UTF-8') - res.setHeader('X-Robots-Tag', 'noindex, nofollow') // prevent crawling - stream.pipe(res) - fs.unlinkSync(path) + res.render('codimd.ejs', { + title: title, + opengraph: opengraph }) } - -function createGist (req, res, note) { - const data = { - client_id: config.github.clientID, - redirect_uri: config.serverURL + '/auth/github/callback/' + models.Note.encodeNoteId(note.id) + '/gist', - scope: 'gist', - state: shortId.generate() - } - const query = querystring.stringify(data) - res.redirect('https://github.com/login/oauth/authorize?' + query) -} - -function getRevision (req, res, note) { - const actionId = req.params.actionId - if (actionId) { - const time = moment(parseInt(actionId)) - if (time.isValid()) { - models.Revision.getPatchedNoteRevisionByTime(note, time, function (err, content) { - if (err) { - logger.error(err) - return errors.errorInternalError(res) - } - if (!content) { - return errors.errorNotFound(res) - } - res.set({ - 'Access-Control-Allow-Origin': '*', // allow CORS as API - 'Access-Control-Allow-Headers': 'Range', - 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range', - 'Cache-Control': 'private', // only cache by client - 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling - }) - res.send(content) - }) - } else { - return errors.errorNotFound(res) - } - } else { - models.Revision.getNoteRevisions(note, function (err, data) { - if (err) { - logger.error(err) - return errors.errorInternalError(res) - } - const out = { - revision: data - } - res.set({ - 
'Access-Control-Allow-Origin': '*', // allow CORS as API - 'Access-Control-Allow-Headers': 'Range', - 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range', - 'Cache-Control': 'private', // only cache by client - 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling - }) - res.send(out) - }) - } -} diff --git a/lib/web/note/router.js b/lib/web/note/router.js index 39da4c2c3..e4f867b24 100644 --- a/lib/web/note/router.js +++ b/lib/web/note/router.js @@ -26,7 +26,7 @@ router.get('/p/:shortid', slide.showPublishSlide) // publish slide actions router.get('/p/:shortid/:action', slide.publishSlideActions) // get note by id -router.get('/:noteId', response.showNote) +router.get('/:noteId', noteController.showNote) // note actions router.get('/:noteId/:action', noteController.doAction) // note actions with action id From 2bc4233ba80346e60ed4840714a9aa347ccdb361 Mon Sep 17 00:00:00 2001 From: David Mehren Date: Sun, 27 Oct 2019 15:22:14 +0100 Subject: [PATCH 07/11] Move showPublishNote and publishNoteActions to note controller Signed-off-by: David Mehren --- lib/response.js | 82 -------------------------------------- lib/web/note/actions.js | 1 - lib/web/note/controller.js | 52 ++++++++++++++++++++++++ lib/web/note/router.js | 7 +--- lib/web/note/slide.js | 40 ++----------------- lib/web/note/util.js | 42 +++++++++++++++++++ 6 files changed, 99 insertions(+), 125 deletions(-) diff --git a/lib/response.js b/lib/response.js index 8b027c12a..2e944e32e 100644 --- a/lib/response.js +++ b/lib/response.js @@ -9,14 +9,11 @@ var config = require('./config') var logger = require('./logger') var models = require('./models') const noteUtil = require('./web/note/util') -const noteController = require('./web/note/controller') const errors = require('./errors') // public var response = { - showPublishNote: showPublishNote, showIndex: showIndex, - publishNoteActions: publishNoteActions, githubActions: githubActions, gitlabActions: gitlabActions } 
@@ -51,85 +48,6 @@ function showIndex (req, res, next) { } } -function showPublishNote (req, res, next) { - var include = [{ - model: models.User, - as: 'owner' - }, { - model: models.User, - as: 'lastchangeuser' - }] - noteUtil.findNote(req, res, function (note) { - // force to use short id - var shortid = req.params.shortid - if ((note.alias && shortid !== note.alias) || (!note.alias && shortid !== note.shortid)) { - return res.redirect(config.serverURL + '/s/' + (note.alias || note.shortid)) - } - note.increment('viewcount').then(function (note) { - if (!note) { - return errors.errorNotFound(res) - } - var body = note.content - var extracted = models.Note.extractMeta(body) - var markdown = extracted.markdown - var meta = models.Note.parseMeta(extracted.meta) - var createtime = note.createdAt - var updatetime = note.lastchangeAt - var title = models.Note.decodeTitle(note.title) - title = models.Note.generateWebTitle(meta.title || title) - var ogdata = models.Note.parseOpengraph(meta, title) - var data = { - title: title, - description: meta.description || (markdown ? models.Note.generateDescription(markdown) : null), - viewcount: note.viewcount, - createtime: createtime, - updatetime: updatetime, - body: body, - owner: note.owner ? note.owner.id : null, - ownerprofile: note.owner ? models.User.getProfile(note.owner) : null, - lastchangeuser: note.lastchangeuser ? note.lastchangeuser.id : null, - lastchangeuserprofile: note.lastchangeuser ? 
models.User.getProfile(note.lastchangeuser) : null, - robots: meta.robots || false, // default allow robots - GA: meta.GA, - disqus: meta.disqus, - cspNonce: res.locals.nonce, - dnt: req.headers.dnt, - opengraph: ogdata - } - return renderPublish(data, res) - }).catch(function (err) { - logger.error(err) - return errors.errorInternalError(res) - }) - }, include) -} - -function renderPublish (data, res) { - res.set({ - 'Cache-Control': 'private' // only cache by client - }) - res.render('pretty.ejs', data) -} - -function publishNoteActions (req, res, next) { - noteUtil.findNote(req, res, function (note) { - var action = req.params.action - switch (action) { - case 'download': - noteController.downloadMarkdown(req, res, note) - break - case 'edit': - res.redirect(config.serverURL + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)) + '?both') - break - default: - res.redirect(config.serverURL + '/s/' + note.shortid) - break - } - }) -} - - - function githubActions (req, res, next) { var noteId = req.params.noteId noteUtil.findNote(req, res, function (note) { diff --git a/lib/web/note/actions.js b/lib/web/note/actions.js index a97eebb68..9ff7fedbf 100644 --- a/lib/web/note/actions.js +++ b/lib/web/note/actions.js @@ -8,7 +8,6 @@ const markdownpdf = require('markdown-pdf') const moment = require('moment') const querystring = require('querystring') - exports.getInfo = function getInfo (req, res, note) { const body = note.content const extracted = models.Note.extractMeta(body) diff --git a/lib/web/note/controller.js b/lib/web/note/controller.js index 726d35770..991b891d6 100644 --- a/lib/web/note/controller.js +++ b/lib/web/note/controller.js 
@@ -8,6 +8,58 @@ const errors = require('../../errors') const noteUtil = require('./util') const noteActions = require('./actions') +exports.publishNoteActions = function (req, res, next) { + noteUtil.findNote(req, res, function (note) { + const action = req.params.action + switch (action) { + case 'download': + exports.downloadMarkdown(req, res, note) + break + case 'edit': + res.redirect(config.serverURL + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)) + '?both') + break + default: + res.redirect(config.serverURL + '/s/' + note.shortid) + break + } + }) +} + +exports.showPublishNote = function (req, res, next) { + const include = [{ + model: models.User, + as: 'owner' + }, { + model: models.User, + as: 'lastchangeuser' + }] + noteUtil.findNote(req, res, function (note) { + // force to use short id + const shortid = req.params.shortid + if ((note.alias && shortid !== note.alias) || (!note.alias && shortid !== note.shortid)) { + return res.redirect(config.serverURL + '/s/' + (note.alias || note.shortid)) + } + note.increment('viewcount').then(function (note) { + if (!note) { + return errors.errorNotFound(res) + } + noteUtil.getPublishData(req, res, note, (data) => { + return renderPublish(data, res) + }) + }).catch(function (err) { + logger.error(err) + return errors.errorInternalError(res) + }) + }, include) +} + +function renderPublish (data, res) { + res.set({ + 'Cache-Control': 'private' // only cache by client + }) + res.render('pretty.ejs', data) +} + exports.showNote = function (req, res, next) { noteUtil.findNote(req, res, function (note) { // force to use note id diff --git a/lib/web/note/router.js b/lib/web/note/router.js index e4f867b24..cf6fdf431 100644 --- a/lib/web/note/router.js +++ b/lib/web/note/router.js @@ -1,9 +1,6 @@ 'use strict' const Router = require('express').Router - -const response = require('../../response') - const { markdownParser } = require('../utils') const router = module.exports = Router() 
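Review bot: `showPublishNote` now takes its template data from `noteUtil.getPublishData`, which sets `body: markdown` (the content left after `extractMeta`), whereas the `showPublishNote` removed from lib/response.js in this commit passed `body: body`, the full `note.content` including the metadata block. If `pretty.ejs` or its client script reads the front matter out of the body, published notes will silently lose those settings, so either keep the old value for this route or state in the commit message that the change is intended. The helper also does no asynchronous work, so it could return the object instead of taking a callback: `const data = noteUtil.getPublishData(req, res, note)`. The same call is made from `showPublishSlide` in lib/web/note/slide.js.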
@@ -18,9 +15,9 @@ router.post('/new', markdownParser, noteController.createFromPOST) // post new note with content and alias router.post('/new/:noteId', markdownParser, noteController.createFromPOST) // get publish note -router.get('/s/:shortid', response.showPublishNote) +router.get('/s/:shortid', noteController.showPublishNote) // publish note actions -router.get('/s/:shortid/:action', response.publishNoteActions) +router.get('/s/:shortid/:action', noteController.publishNoteActions) // get publish slide router.get('/p/:shortid', slide.showPublishSlide) // publish slide actions diff --git a/lib/web/note/slide.js b/lib/web/note/slide.js index 58e461021..e6ac9dd04 100644 --- a/lib/web/note/slide.js +++ b/lib/web/note/slide.js @@ -3,8 +3,6 @@ const models = require('../../models') const errors = require('../../errors') const logger = require('../../logger') const config = require('../../config') -const fs = require('fs') -const path = require('path') exports.publishSlideActions = function (req, res, next) { noteUtil.findNote(req, res, function (note) { 
@@ -33,34 +31,9 @@ exports.showPublishSlide = function (req, res, next) { if (!note) { return errors.errorNotFound(res) } - const body = note.content - const extracted = models.Note.extractMeta(body) - const markdown = extracted.markdown - const meta = models.Note.parseMeta(extracted.meta) - const createtime = note.createdAt - const updatetime = note.lastchangeAt - let title = models.Note.decodeTitle(note.title) - title = models.Note.generateWebTitle(meta.title || title) - const data = { - title: title, - description: meta.description || (markdown ? models.Note.generateDescription(markdown) : null), - viewcount: note.viewcount, - createtime: createtime, - updatetime: updatetime, - body: markdown, - theme: meta.slideOptions && isRevealTheme(meta.slideOptions.theme), - meta: JSON.stringify(extracted.meta), - owner: note.owner ? note.owner.id : null, - ownerprofile: note.owner ? models.User.getProfile(note.owner) : null, - lastchangeuser: note.lastchangeuser ? note.lastchangeuser.id : null, - lastchangeuserprofile: note.lastchangeuser ? models.User.getProfile(note.lastchangeuser) : null, - robots: meta.robots || false, // default allow robots - GA: meta.GA, - disqus: meta.disqus, - cspNonce: res.locals.nonce, - dnt: req.headers.dnt - } - return renderPublishSlide(data, res) + noteUtil.getPublishData(req, res, note, (data) => { + return renderPublishSlide(data, res) + }) }).catch(function (err) { logger.error(err) return errors.errorInternalError(res) @@ -74,10 +47,3 @@ function renderPublishSlide (data, res) { }) res.render('slide.ejs', data) } - -function isRevealTheme (theme) { - if (fs.existsSync(path.join(__dirname, '..', 'public', 'build', 'reveal.js', 'css', 'theme', theme + '.css'))) { - return theme - } - return undefined -} diff --git a/lib/web/note/util.js b/lib/web/note/util.js index bda74ac44..eadfb1a3d 100644 --- a/lib/web/note/util.js +++ b/lib/web/note/util.js 
@@ -2,6 +2,8 @@ const models = require('../../models') const logger = require('../../logger') const config = require('../../config') const errors = require('../../errors') +const fs = require('fs') +const path = require('path') exports.findNote = function (req, res, callback, include) { const id = req.params.noteId || req.params.shortid @@ -65,3 +67,43 @@ exports.newNote = function (req, res, body) { return errors.errorInternalError(res) }) } + +exports.getPublishData = function (req, res, note, callback) { + const body = note.content + const extracted = models.Note.extractMeta(body) + const markdown = extracted.markdown + const meta = models.Note.parseMeta(extracted.meta) + const createtime = note.createdAt + const updatetime = note.lastchangeAt + let title = models.Note.decodeTitle(note.title) + title = models.Note.generateWebTitle(meta.title || title) + const ogdata = models.Note.parseOpengraph(meta, title) + const data = { + title: title, + description: meta.description || (markdown ? models.Note.generateDescription(markdown) : null), + viewcount: note.viewcount, + createtime: createtime, + updatetime: updatetime, + body: markdown, + theme: meta.slideOptions && isRevealTheme(meta.slideOptions.theme), + meta: JSON.stringify(extracted.meta), + owner: note.owner ? note.owner.id : null, + ownerprofile: note.owner ? models.User.getProfile(note.owner) : null, + lastchangeuser: note.lastchangeuser ? note.lastchangeuser.id : null, + lastchangeuserprofile: note.lastchangeuser ? models.User.getProfile(note.lastchangeuser) : null, + robots: meta.robots || false, // default allow robots + GA: meta.GA, + disqus: meta.disqus, + cspNonce: res.locals.nonce, + dnt: req.headers.dnt, + opengraph: ogdata + } + callback(data) +} + +function isRevealTheme (theme) { + if (fs.existsSync(path.join(__dirname, '..', 'public', 'build', 'reveal.js', 'css', 'theme', theme + '.css'))) { + return theme + } + return undefined +} 
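Review bot: `isRevealTheme` joins `meta.slideOptions.theme`, which comes from the note's own metadata, into a filesystem path and probes it with `fs.existsSync` without checking the value first. A value containing `..` or a path separator makes the server test for `.css` files outside the theme directory and then passes that same string to the template as `theme`, and a non-string value is silently coerced by `theme + '.css'`. Reject anything that is not a plain theme name before touching the disk, for example `if (typeof theme !== 'string' || !/^[\w-]+$/.test(theme)) return undefined` as the first line of `isRevealTheme`. It is also worth confirming that `path.join(__dirname, '..', 'public', ...)` resolves to the built reveal.js assets from lib/web/note/, because the check quietly returns `undefined` for every theme if it does not.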
From 25a540ebbc3805bc3225b84e91d683ef8fa9e3ed Mon Sep 17 00:00:00 2001 From: David Mehren Date: Sun, 27 Oct 2019 15:26:50 +0100 Subject: [PATCH 08/11] Inline renderPublish Signed-off-by: David Mehren --- lib/web/note/controller.js | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/lib/web/note/controller.js b/lib/web/note/controller.js index 991b891d6..1395825f4 100644 --- a/lib/web/note/controller.js +++ b/lib/web/note/controller.js @@ -44,7 +44,10 @@ exports.showPublishNote = function (req, res, next) { return errors.errorNotFound(res) } noteUtil.getPublishData(req, res, note, (data) => { - return renderPublish(data, res) + res.set({ + 'Cache-Control': 'private' // only cache by client + }) + return res.render('pretty.ejs', data) }) }).catch(function (err) { logger.error(err) @@ -53,13 +56,6 @@ exports.showPublishNote = function (req, res, next) { }, include) } -function renderPublish (data, res) { - res.set({ - 'Cache-Control': 'private' // only cache by client - }) - res.render('pretty.ejs', data) -} - exports.showNote = function (req, res, next) { noteUtil.findNote(req, res, function (note) { // force to use note id From ca9e6e49c9c80ecdd1f79635062f1cef4c931ffb Mon Sep 17 00:00:00 2001 From: David Mehren Date: Sun, 27 Oct 2019 15:27:48 +0100 Subject: [PATCH 09/11] Inline publish and slide Signed-off-by: David Mehren --- lib/web/note/controller.js | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/lib/web/note/controller.js b/lib/web/note/controller.js index 1395825f4..3641f6b1f 100644 --- a/lib/web/note/controller.js +++ b/lib/web/note/controller.js 
@@ -86,10 +86,10 @@ exports.doAction = function (req, res, next) { switch (action) { case 'publish': case 'pretty': // pretty deprecated - publish(req, res, note) + res.redirect(config.serverURL + '/s/' + (note.alias || note.shortid)) break case 'slide': - slide(req, res, note) + res.redirect(config.serverURL + '/p/' + (note.alias || note.shortid)) break case 'download': exports.downloadMarkdown(req, res, note) @@ -117,14 +117,6 @@ exports.doAction = function (req, res, next) { }) } -function publish (req, res, note) { - res.redirect(config.serverURL + '/s/' + (note.alias || note.shortid)) -} - -function slide (req, res, note) { - res.redirect(config.serverURL + '/p/' + (note.alias || note.shortid)) -} - exports.downloadMarkdown = function (req, res, note) { const body = note.content let filename = models.Note.decodeTitle(note.title) From 3c39d07723e20cbd7facb68253ef1aead8da753c Mon Sep 17 00:00:00 2001 From: David Mehren Date: Sun, 27 Oct 2019 15:29:10 +0100 Subject: [PATCH 10/11] Inline responseCodiMD Signed-off-by: David Mehren --- lib/web/note/controller.js | 32 ++++++++++++++------------------ 1 file changed, 14 insertions(+), 18 deletions(-) diff --git a/lib/web/note/controller.js b/lib/web/note/controller.js index 3641f6b1f..e537fe08a 100644 --- a/lib/web/note/controller.js +++ b/lib/web/note/controller.js 
@@ -64,7 +64,20 @@ exports.showNote = function (req, res, next) { if ((note.alias && noteId !== note.alias) || (!note.alias && noteId !== id)) { return res.redirect(config.serverURL + '/' + (note.alias || id)) } - return responseCodiMD(res, note) + const body = note.content + const extracted = models.Note.extractMeta(body) + const meta = models.Note.parseMeta(extracted.meta) + let title = models.Note.decodeTitle(note.title) + title = models.Note.generateWebTitle(meta.title || title) + const opengraph = models.Note.parseOpengraph(meta, title) + res.set({ + 'Cache-Control': 'private', // only cache by client + 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling + }) + return res.render('codimd.ejs', { + title: title, + opengraph: opengraph + }) }) } @@ -132,20 +145,3 @@ exports.downloadMarkdown = function (req, res, note) { }) res.send(body) } - -function responseCodiMD (res, note) { - const body = note.content - const extracted = models.Note.extractMeta(body) - const meta = models.Note.parseMeta(extracted.meta) - let title = models.Note.decodeTitle(note.title) - title = models.Note.generateWebTitle(meta.title || title) - const opengraph = models.Note.parseOpengraph(meta, title) - res.set({ - 'Cache-Control': 'private', // only cache by client - 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling - }) - res.render('codimd.ejs', { - title: title, - opengraph: opengraph - }) -} From b5ccceff59002034fbb089935076f40b8aa16e58 Mon Sep 17 00:00:00 2001 From: David Mehren Date: Sun, 27 Oct 2019 15:44:23 +0100 Subject: [PATCH 11/11] Inline renderPublishSlide Signed-off-by: David Mehren --- lib/web/note/slide.js | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/lib/web/note/slide.js b/lib/web/note/slide.js index e6ac9dd04..d2d2ccfc5 100644 --- a/lib/web/note/slide.js +++ b/lib/web/note/slide.js 
@@ -32,7 +32,10 @@ exports.showPublishSlide = function (req, res, next) {
 return errors.errorNotFound(res)
 }
 noteUtil.getPublishData(req, res, note, (data) => {
- return renderPublishSlide(data, res)
+ res.set({
+ 'Cache-Control': 'private' // only cache by client
+ })
+ return res.render('slide.ejs', data)
 })
 }).catch(function (err) {
 logger.error(err)
@@ -40,10 +43,3 @@ exports.showPublishSlide = function (req, res, next) {
 })
 }, include)
 }
-
-function renderPublishSlide (data, res) {
- res.set({
- 'Cache-Control': 'private' // only cache by client
- })
- res.render('slide.ejs', data)
-}