diff --git a/app.js b/app.js
index 35408bb03..1565ffb53 100644
--- a/app.js
+++ b/app.js
@@ -16,7 +16,6 @@ var formidable = require('formidable');
 var morgan = require('morgan');
 var passportSocketIo = require("passport.socketio");
 var helmet = require('helmet');
-var request = require('request');
 //core
 var config = require("./lib/config.js");
@@ -83,9 +82,6 @@ var sessionStore = new SequelizeStore({
 //compression
 app.use(compression());
-//cookies
-app.use(cookieParser());
-
 // use hsts to tell https users stick to this
 app.use(helmet.hsts({
 maxAge: 31536000 * 1000, // 365 days
@@ -310,8 +306,7 @@ if (config.gitlab) {
 res.redirect(config.serverurl);
 });
 //gitlab callback actions
- // TODO: Maybe in the future
- //app.get('/auth/gitlab/callback/:noteId/:action', response.gitlabActions);
+ app.get('/auth/gitlab/callback/:noteId/:action', response.gitlabActions);
 }
 //dropbox auth
 if (config.dropbox) {
@@ -442,29 +437,6 @@ app.post('/uploadimage', function (req, res) {
 }
 });
 });
-//get gitlab parameters
-app.get('/gitlab', function (req, res) {
- var ret = { baseURL: config.gitlab.baseURL };
- models.User.findById(req.cookies.userid)
- .then(function(user) {
- ret.accesstoken = user.accessToken;
- ret.profileid = user.profileid;
- request(
- config.gitlab.baseURL + '/api/v3/projects?access_token=' + user.accessToken,
- function(error, httpResponse, body) {
- if (!error && httpResponse.statusCode == 200) {
- ret.projects = JSON.parse(body);
- return res.send(ret);
- } else {
- return res.send(ret);
- }
- }
- );
- }).catch(function(err) {
- logger.error('user search failed: ' + err);
- return response.errorInternalError(res);
- });
-});
 //get new note
 app.get("/new", response.newNote);
 //get publish note
diff --git a/lib/response.js b/lib/response.js
index 99cd080a9..9c7107514 100644
--- a/lib/response.js
+++ b/lib/response.js
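Review bot: The re-enabled route `app.get('/auth/gitlab/callback/:noteId/:action', response.gitlabActions)` in the `-310,8` hunk is registered with no authentication middleware, and its comment still reads only `//gitlab callback actions`, although the `projects` action it dispatches to sends the signed-in user's GitLab access token back as JSON. The check that protects it lives inside the action handler in lib/response.js, so an action added to that switch later gets no check unless its author repeats it. I would say so at the registration, e.g. `// returns the caller's GitLab token as JSON; each action in response.gitlabActions must check req.isAuthenticated() itself`, or move the check into `gitlabActions` ahead of the switch. The enclosing `if (config.gitlab) {` block starts outside the hunk.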
@@ -51,7 +51,8 @@ var response = {
 showIndex: showIndex,
 noteActions: noteActions,
 publishNoteActions: publishNoteActions,
- githubActions: githubActions
+ githubActions: githubActions,
+ gitlabActions: gitlabActions
 };
 function responseError(res, code, detail, msg) {
@@ -435,6 +436,53 @@ function githubActionGist(req, res, note) {
 }
 }
+function gitlabActions(req, res, next) {
+ var noteId = req.params.noteId;
+ findNote(req, res, function (note) {
+ var action = req.params.action;
+ switch (action) {
+ case "projects":
+ gitlabActionProjects(req, res, note);
+ break;
+ default:
+ res.redirect(config.serverurl + '/' + noteId);
+ break;
+ }
+ });
+}
+
+function gitlabActionProjects(req, res, note) {
+ if (req.isAuthenticated()) {
+ models.User.findOne({
+ where: {
+ id: req.user.id
+ }
+ }).then(function (user) {
+ if (!user)
+ return response.errorNotFound(res);
+ var ret = { baseURL: config.gitlab.baseURL };
+ ret.accesstoken = user.accessToken;
+ ret.profileid = user.profileid;
+ request(
+ config.gitlab.baseURL + '/api/v3/projects?access_token=' + user.accessToken,
+ function(error, httpResponse, body) {
+ if (!error && httpResponse.statusCode == 200) {
+ ret.projects = JSON.parse(body);
+ return res.send(ret);
+ } else {
+ return res.send(ret);
+ }
+ }
+ );
+ }).catch(function (err) {
+ logger.error('gitlab action projects failed: ' + err);
+ return response.errorInternalError(res);
+ });
+ } else {
+ return response.errorForbidden(res);
+ }
+}
+
 function showPublishSlide(req, res, next) {
 findNote(req, res, function (note) {
 note.increment('viewcount').then(function (note) {
diff --git a/public/js/index.js b/public/js/index.js
index 6163d293e..e47b8c18d 100644
--- a/public/js/index.js
+++ b/public/js/index.js
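Review bot: In `gitlabActionProjects` the `request` callback runs outside the promise chain, so when GitLab or a proxy in front of it answers 200 with a body that is not JSON, `JSON.parse(body)` throws where the `.catch` below cannot see it; unless something elsewhere handles uncaught exceptions, that normally takes the Node process down. The same call puts the OAuth token in the query string (`?access_token=` plus `user.accessToken`), where it tends to land in access logs on the GitLab side and on any proxy in between; GitLab's API also accepts the token in an `Authorization: Bearer` header. Both were carried over unchanged from the removed `/gitlab` handler in app.js. Because `res.send(ret)` returns `ret.accesstoken` to the browser, the response should also be marked `Cache-Control: no-store`. Whether `request` is required in lib/response.js is not visible here; this commit removes the `require('request')` line from app.js.

```javascript
// … unchanged: isAuthenticated check, User.findOne, ret setup …
            request({
                url: config.gitlab.baseURL + '/api/v3/projects',
                headers: { 'Authorization': 'Bearer ' + user.accessToken }
            }, function (error, httpResponse, body) {
                if (!error && httpResponse.statusCode == 200) {
                    try {
                        ret.projects = JSON.parse(body);
                    } catch (parseErr) {
                        // a 200 with a non-JSON body: answer without the project list
                        logger.error('gitlab action projects: unparsable response: ' + parseErr);
                    }
                }
                res.set('Cache-Control', 'no-store');
                return res.send(ret);
            });
// … unchanged: .catch handler, errorForbidden branch …
```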
@@ -1182,7 +1182,7 @@ ui.toolbar.export.gist.attr("href", noteurl + "/gist");
 //export to snippet
 ui.toolbar.export.snippet.click(function() {
 ui.spinner.show();
- $.get(serverurl + '/gitlab')
+ $.get(serverurl + '/auth/gitlab/callback/' + noteid + '/projects')
 .success(function (data) {
 $("#snippetExportModalAccessToken").val(data.accesstoken);
 $("#snippetExportModalBaseURL").val(data.baseURL);
@@ -1268,7 +1268,7 @@ ui.toolbar.import.gist.click(function () {
 //import from snippet
 ui.toolbar.import.snippet.click(function () {
 ui.spinner.show();
- $.get(serverurl + '/auth/gitlab/callback/' + noteid + '/projects')
 .success(function (data) {
 $("#snippetImportModalAccessToken").val(data.accesstoken);
 $("#snippetImportModalBaseURL").val(data.baseURL);
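Review bot: The endpoint these two `$.get` calls now use (export at `-1182`, import at `-1268`) can answer 403 when there is no session, or an error from the note lookup, yet the visible chain attaches only `.success`, so whether the spinner is hidden again depends on handlers outside these hunks. If there is none, add a failure handler on both, e.g. `.fail(function () { ui.spinner.hide(); })`. The URL is also built twice from an unescaped `noteid`; one small helper that applies `encodeURIComponent(noteid)` would keep the two call sites in step. The response still copies `data.accesstoken` into a form field, so any script running in this page can read the GitLab token; a comment at the call site saying so would help whoever touches this next.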