mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-24 18:56:32 -05:00
Merge pull request #743 from hackmdio/fix-to-use-url-safe-base64
Fix to use url-safe base64 in note url
This commit is contained in:
commit
f6df2deb84
7 changed files with 101 additions and 10 deletions
|
@ -1,6 +1,7 @@
|
|||
'use strict'
|
||||
// history
|
||||
// external modules
|
||||
var LZString = require('lz-string')
|
||||
|
||||
// core
|
||||
var config = require('./config')
|
||||
|
@ -27,7 +28,20 @@ function getHistory (userid, callback) {
|
|||
}
|
||||
var history = {}
|
||||
if (user.history) {
|
||||
history = parseHistoryToObject(JSON.parse(user.history))
|
||||
history = JSON.parse(user.history)
|
||||
// migrate LZString encoded note id to base64url encoded note id
|
||||
for (let i = 0, l = history.length; i < l; i++) {
|
||||
try {
|
||||
let id = LZString.decompressFromBase64(history[i].id)
|
||||
if (id && models.Note.checkNoteIdValid(id)) {
|
||||
history[i].id = models.Note.encodeNoteId(id)
|
||||
}
|
||||
} catch (err) {
|
||||
// most error here comes from LZString, ignore
|
||||
logger.error(err)
|
||||
}
|
||||
}
|
||||
history = parseHistoryToObject(history)
|
||||
}
|
||||
if (config.debug) {
|
||||
logger.info('read history success: ' + user.id)
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
var fs = require('fs')
|
||||
var path = require('path')
|
||||
var LZString = require('lz-string')
|
||||
var base64url = require('base64url')
|
||||
var md = require('markdown-it')()
|
||||
var metaMarked = require('meta-marked')
|
||||
var cheerio = require('cheerio')
|
||||
|
@ -114,6 +115,24 @@ module.exports = function (sequelize, DataTypes) {
|
|||
return false
|
||||
}
|
||||
},
|
||||
encodeNoteId: function (id) {
|
||||
// remove dashes in UUID and encode in url-safe base64
|
||||
let str = id.replace(/-/g, '')
|
||||
let hexStr = Buffer.from(str, 'hex')
|
||||
return base64url.encode(hexStr)
|
||||
},
|
||||
decodeNoteId: function (encodedId) {
|
||||
// decode from url-safe base64
|
||||
let id = base64url.toBuffer(encodedId).toString('hex')
|
||||
// add dashes between the UUID string parts
|
||||
let idParts = []
|
||||
idParts.push(id.substr(0, 8))
|
||||
idParts.push(id.substr(8, 4))
|
||||
idParts.push(id.substr(12, 4))
|
||||
idParts.push(id.substr(16, 4))
|
||||
idParts.push(id.substr(20, 12))
|
||||
return idParts.join('-')
|
||||
},
|
||||
checkNoteIdValid: function (id) {
|
||||
var uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i
|
||||
var result = id.match(uuidRegex)
|
||||
|
@ -190,13 +209,25 @@ module.exports = function (sequelize, DataTypes) {
|
|||
return _callback(err, null)
|
||||
})
|
||||
},
|
||||
// parse note id by LZString is deprecated, here for compability
|
||||
parseNoteIdByLZString: function (_callback) {
|
||||
// try to parse note id by LZString Base64
|
||||
try {
|
||||
var id = LZString.decompressFromBase64(noteId)
|
||||
if (id && Note.checkNoteIdValid(id)) { return callback(null, id) } else { return _callback(null, null) }
|
||||
} catch (err) {
|
||||
return _callback(err, null)
|
||||
logger.error(err)
|
||||
return _callback(null, null)
|
||||
}
|
||||
},
|
||||
parseNoteIdByBase64Url: function (_callback) {
|
||||
// try to parse note id by base64url
|
||||
try {
|
||||
var id = Note.decodeNoteId(noteId)
|
||||
if (id && Note.checkNoteIdValid(id)) { return callback(null, id) } else { return _callback(null, null) }
|
||||
} catch (err) {
|
||||
logger.error(err)
|
||||
return _callback(null, null)
|
||||
}
|
||||
},
|
||||
parseNoteIdByShortId: function (_callback) {
|
||||
|
|
|
@ -5,7 +5,6 @@ var cookie = require('cookie')
|
|||
var cookieParser = require('cookie-parser')
|
||||
var url = require('url')
|
||||
var async = require('async')
|
||||
var LZString = require('lz-string')
|
||||
var randomcolor = require('randomcolor')
|
||||
var Chance = require('chance')
|
||||
var chance = new Chance()
|
||||
|
@ -703,7 +702,7 @@ function operationCallback (socket, operation) {
|
|||
}
|
||||
|
||||
function updateHistory (userId, note, time) {
|
||||
var noteId = note.alias ? note.alias : LZString.compressToBase64(note.id)
|
||||
var noteId = note.alias ? note.alias : models.Note.encodeNoteId(note.id)
|
||||
if (note.server) history.updateHistory(userId, noteId, note.server.document, time)
|
||||
}
|
||||
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
// external modules
|
||||
var fs = require('fs')
|
||||
var markdownpdf = require('markdown-pdf')
|
||||
var LZString = require('lz-string')
|
||||
var shortId = require('shortid')
|
||||
var querystring = require('querystring')
|
||||
var request = require('request')
|
||||
|
@ -124,7 +123,7 @@ function newNote (req, res, next) {
|
|||
alias: req.alias ? req.alias : null,
|
||||
content: req.body ? req.body : ''
|
||||
}).then(function (note) {
|
||||
return res.redirect(config.serverurl + '/' + LZString.compressToBase64(note.id))
|
||||
return res.redirect(config.serverurl + '/' + models.Note.encodeNoteId(note.id))
|
||||
}).catch(function (err) {
|
||||
logger.error(err)
|
||||
return response.errorInternalError(res)
|
||||
|
@ -179,7 +178,7 @@ function showNote (req, res, next) {
|
|||
findNote(req, res, function (note) {
|
||||
// force to use note id
|
||||
var noteId = req.params.noteId
|
||||
var id = LZString.compressToBase64(note.id)
|
||||
var id = models.Note.encodeNoteId(note.id)
|
||||
if ((note.alias && noteId !== note.alias) || (!note.alias && noteId !== id)) { return res.redirect(config.serverurl + '/' + (note.alias || id)) }
|
||||
return responseHackMD(res, note)
|
||||
})
|
||||
|
@ -321,7 +320,7 @@ function actionPDF (req, res, note) {
|
|||
function actionGist (req, res, note) {
|
||||
var data = {
|
||||
client_id: config.github.clientID,
|
||||
redirect_uri: config.serverurl + '/auth/github/callback/' + LZString.compressToBase64(note.id) + '/gist',
|
||||
redirect_uri: config.serverurl + '/auth/github/callback/' + models.Note.encodeNoteId(note.id) + '/gist',
|
||||
scope: 'gist',
|
||||
state: shortId.generate()
|
||||
}
|
||||
|
@ -418,7 +417,7 @@ function publishNoteActions (req, res, next) {
|
|||
var action = req.params.action
|
||||
switch (action) {
|
||||
case 'edit':
|
||||
res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id)))
|
||||
res.redirect(config.serverurl + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)))
|
||||
break
|
||||
default:
|
||||
res.redirect(config.serverurl + '/s/' + note.shortid)
|
||||
|
@ -432,7 +431,7 @@ function publishSlideActions (req, res, next) {
|
|||
var action = req.params.action
|
||||
switch (action) {
|
||||
case 'edit':
|
||||
res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id)))
|
||||
res.redirect(config.serverurl + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)))
|
||||
break
|
||||
default:
|
||||
res.redirect(config.serverurl + '/p/' + note.shortid)
|
||||
|
|
|
@ -18,6 +18,7 @@
|
|||
"Idle.Js": "git+https://github.com/shawnmclean/Idle.js",
|
||||
"async": "^2.1.4",
|
||||
"aws-sdk": "^2.7.20",
|
||||
"base64url": "^2.0.0",
|
||||
"blueimp-md5": "^2.6.0",
|
||||
"body-parser": "^1.15.2",
|
||||
"bootstrap": "^3.3.7",
|
||||
|
|
|
@ -3,6 +3,12 @@
|
|||
|
||||
import store from 'store'
|
||||
import S from 'string'
|
||||
import LZString from 'lz-string'
|
||||
|
||||
import {
|
||||
checkNoteIdValid,
|
||||
encodeNoteId
|
||||
} from './utils'
|
||||
|
||||
import {
|
||||
checkIfAuth
|
||||
|
@ -291,6 +297,15 @@ function parseToHistory (list, notehistory, callback) {
|
|||
else if (!list || !notehistory) callback(list, notehistory)
|
||||
else if (notehistory && notehistory.length > 0) {
|
||||
for (let i = 0; i < notehistory.length; i++) {
|
||||
// migrate LZString encoded id to base64url encoded id
|
||||
try {
|
||||
let id = LZString.decompressFromBase64(notehistory[i].id)
|
||||
if (id && checkNoteIdValid(id)) {
|
||||
notehistory[i].id = encodeNoteId(id)
|
||||
}
|
||||
} catch (err) {
|
||||
console.error(err)
|
||||
}
|
||||
// parse time to timestamp and fromNow
|
||||
const timestamp = (typeof notehistory[i].time === 'number' ? moment(notehistory[i].time) : moment(notehistory[i].time, 'MMMM Do YYYY, h:mm:ss a'))
|
||||
notehistory[i].timestamp = timestamp.valueOf()
|
||||
|
|
32
public/js/utils.js
Normal file
32
public/js/utils.js
Normal file
|
@ -0,0 +1,32 @@
|
|||
import base64url from 'base64url'
|
||||
|
||||
let uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i
|
||||
|
||||
export function checkNoteIdValid (id) {
|
||||
let result = id.match(uuidRegex)
|
||||
if (result && result.length === 1) {
|
||||
return true
|
||||
} else {
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
||||
export function encodeNoteId (id) {
|
||||
// remove dashes in UUID and encode in url-safe base64
|
||||
let str = id.replace(/-/g, '')
|
||||
let hexStr = Buffer.from(str, 'hex')
|
||||
return base64url.encode(hexStr)
|
||||
}
|
||||
|
||||
export function decodeNoteId (encodedId) {
|
||||
// decode from url-safe base64
|
||||
let id = base64url.toBuffer(encodedId).toString('hex')
|
||||
// add dashes between the UUID string parts
|
||||
let idParts = []
|
||||
idParts.push(id.substr(0, 8))
|
||||
idParts.push(id.substr(8, 4))
|
||||
idParts.push(id.substr(12, 4))
|
||||
idParts.push(id.substr(16, 4))
|
||||
idParts.push(id.substr(20, 12))
|
||||
return idParts.join('-')
|
||||
}
|
Loading…
Reference in a new issue