github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-11-21 17:26:29 -05:00
Code Issues Projects Releases Packages Wiki Activity

Move note actions to their own file.

Browse source 
Because of circular import problems, this commit also moves the error messages from response.js to errors.js

Signed-off-by: David Mehren <dmehren1@gmail.com>
This commit is contained in:
David Mehren 2019-10-27 13:51:53 +01:00
parent 20a67e3446
commit f78540c3fb
No known key found for this signature in database
GPG key ID: 6017AF117F9756CB
16 changed files with 410 additions and 390 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
app.js
View file

@ -22,7 +22,7 @@ var flash = require('connect-flash')
// core
var config = require('./lib/config')
var logger = require('./lib/logger')
var response = require('./lib/response')
var errors = require('./lib/errors')
var models = require('./lib/models')
var csp = require('./lib/csp')
@ -212,11 +212,11 @@ app.use(require('./lib/web/auth'))
app.use(require('./lib/web/historyRouter'))
app.use(require('./lib/web/userRouter'))
app.use(require('./lib/web/imageRouter'))
app.use(require('./lib/web/noteRouter'))
app.use(require('./lib/web/note/router'))
// response not found if no any route matxches
app.get('*', function (req, res) {
response.errorNotFound(res)
errors.errorNotFound(res)
})
// socket.io secure

38
lib/errors.js Normal file
View file

@ -0,0 +1,38 @@
const config = require('./config')
module.exports = {
errorForbidden: function (res) {
const { req } = res
if (req.user) {
responseError(res, '403', 'Forbidden', 'oh no.')
} else {
req.flash('error', 'You are not allowed to access this page. Maybe try logging in?')
res.redirect(config.serverURL + '/')
}
},
errorNotFound: function (res) {
responseError(res, '404', 'Not Found', 'oops.')
},
errorBadRequest: function (res) {
responseError(res, '400', 'Bad Request', 'something not right.')
},
errorTooLong: function (res) {
responseError(res, '413', 'Payload Too Large', 'Shorten your note!')
},
errorInternalError: function (res) {
responseError(res, '500', 'Internal Error', 'wtf.')
},
errorServiceUnavailable: function (res) {
res.status(503).send('I\'m busy right now, try again later.')
}
}
function responseError (res, code, detail, msg) {
res.status(code).render('error.ejs', {
title: code + ' ' + detail + ' ' + msg,
code: code,
detail: detail,
msg: msg,
opengraph: []
})
}

40
lib/history.js
View file

@ -5,8 +5,8 @@ var LZString = require('lz-string')
// core
var logger = require('./logger')
var response = require('./response')
var models = require('./models')
const errors = require('./errors')
// public
var History = {
@ -121,14 +121,14 @@ function parseHistoryToObject (history) {
function historyGet (req, res) {
if (req.isAuthenticated()) {
getHistory(req.user.id, function (err, history) {
if (err) return response.errorInternalError(res)
if (!history) return response.errorNotFound(res)
if (err) return errors.errorInternalError(res)
if (!history) return errors.errorNotFound(res)
res.send({
history: parseHistoryToArray(history)
})
})
} else {
return response.errorForbidden(res)
return errors.errorForbidden(res)
}
}
@ -136,40 +136,40 @@ function historyPost (req, res) {
if (req.isAuthenticated()) {
var noteId = req.params.noteId
if (!noteId) {
if (typeof req.body['history'] === 'undefined') return response.errorBadRequest(res)
if (typeof req.body['history'] === 'undefined') return errors.errorBadRequest(res)
logger.debug(`SERVER received history from [${req.user.id}]: ${req.body.history}`)
try {
var history = JSON.parse(req.body.history)
} catch (err) {
return response.errorBadRequest(res)
return errors.errorBadRequest(res)
}
if (Array.isArray(history)) {
setHistory(req.user.id, history, function (err, count) {
if (err) return response.errorInternalError(res)
if (err) return errors.errorInternalError(res)
res.end()
})
} else {
return response.errorBadRequest(res)
return errors.errorBadRequest(res)
}
} else {
if (typeof req.body['pinned'] === 'undefined') return response.errorBadRequest(res)
if (typeof req.body['pinned'] === 'undefined') return errors.errorBadRequest(res)
getHistory(req.user.id, function (err, history) {
if (err) return response.errorInternalError(res)
if (!history) return response.errorNotFound(res)
if (!history[noteId]) return response.errorNotFound(res)
if (err) return errors.errorInternalError(res)
if (!history) return errors.errorNotFound(res)
if (!history[noteId]) return errors.errorNotFound(res)
if (req.body.pinned === 'true' || req.body.pinned === 'false') {
history[noteId].pinned = (req.body.pinned === 'true')
setHistory(req.user.id, history, function (err, count) {
if (err) return response.errorInternalError(res)
if (err) return errors.errorInternalError(res)
res.end()
})
} else {
return response.errorBadRequest(res)
return errors.errorBadRequest(res)
}
})
}
} else {
return response.errorForbidden(res)
return errors.errorForbidden(res)
}
}
@ -178,22 +178,22 @@ function historyDelete (req, res) {
var noteId = req.params.noteId
if (!noteId) {
setHistory(req.user.id, [], function (err, count) {
if (err) return response.errorInternalError(res)
if (err) return errors.errorInternalError(res)
res.end()
})
} else {
getHistory(req.user.id, function (err, history) {
if (err) return response.errorInternalError(res)
if (!history) return response.errorNotFound(res)
if (err) return errors.errorInternalError(res)
if (!history) return errors.errorNotFound(res)
delete history[noteId]
setHistory(req.user.id, history, function (err, count) {
if (err) return response.errorInternalError(res)
if (err) return errors.errorInternalError(res)
res.end()
})
})
}
} else {
return response.errorForbidden(res)
return errors.errorForbidden(res)
}
}

324
lib/response.js
View file

@ -3,49 +3,22 @@
// external modules
var fs = require('fs')
var path = require('path')
var markdownpdf = require('markdown-pdf')
var shortId = require('shortid')
var querystring = require('querystring')
var request = require('request')
var moment = require('moment')
// core
var config = require('./config')
var logger = require('./logger')
var models = require('./models')
var utils = require('./utils')
const noteUtil = require('./web/note/util')
const noteActions = require('./web/note/actions')
const errors = require('./errors')
// public
var response = {
errorForbidden: function (res) {
const { req } = res
if (req.user) {
responseError(res, '403', 'Forbidden', 'oh no.')
} else {
req.flash('error', 'You are not allowed to access this page. Maybe try logging in?')
res.redirect(config.serverURL + '/')
}
},
errorNotFound: function (res) {
responseError(res, '404', 'Not Found', 'oops.')
},
errorBadRequest: function (res) {
responseError(res, '400', 'Bad Request', 'something not right.')
},
errorTooLong: function (res) {
responseError(res, '413', 'Payload Too Large', 'Shorten your note!')
},
errorInternalError: function (res) {
responseError(res, '500', 'Internal Error', 'wtf.')
},
errorServiceUnavailable: function (res) {
res.status(503).send("I'm busy right now, try again later.")
},
showNote: showNote,
showPublishNote: showPublishNote,
showPublishSlide: showPublishSlide,
showIndex: showIndex,
noteActions: noteActions,
postNote: postNote,
publishNoteActions: publishNoteActions,
publishSlideActions: publishSlideActions,
@ -53,16 +26,6 @@ var response = {
gitlabActions: gitlabActions
}
function responseError (res, code, detail, msg) {
res.status(code).render('error.ejs', {
title: code + ' ' + detail + ' ' + msg,
code: code,
detail: detail,
msg: msg,
opengraph: []
})
}
function showIndex (req, res, next) {
var authStatus = req.isAuthenticated()
var deleteToken = ''
@ -113,79 +76,16 @@ function responseCodiMD (res, note) {
function postNote (req, res, next) {
var body = ''
if (req.body && req.body.length > config.documentMaxLength) {
return response.errorTooLong(res)
return errors.errorTooLong(res)
} else if (req.body) {
body = req.body
}
body = body.replace(/[\r]/g, '')
return newNote(req, res, body)
}
function newNote (req, res, body) {
var owner = null
var noteId = req.params.noteId ? req.params.noteId : null
if (req.isAuthenticated()) {
owner = req.user.id
} else if (!config.allowAnonymous) {
return response.errorForbidden(res)
}
if (config.allowFreeURL && noteId && !config.forbiddenNoteIDs.includes(noteId)) {
req.alias = noteId
} else if (noteId) {
return req.method === 'POST' ? response.errorForbidden(res) : response.errorNotFound(res)
}
models.Note.create({
ownerId: owner,
alias: req.alias ? req.alias : null,
content: body
}).then(function (note) {
return res.redirect(config.serverURL + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)))
}).catch(function (err) {
logger.error(err)
return response.errorInternalError(res)
})
}
function checkViewPermission (req, note) {
if (note.permission === 'private') {
if (!req.isAuthenticated() || note.ownerId !== req.user.id) { return false } else { return true }
} else if (note.permission === 'limited' || note.permission === 'protected') {
if (!req.isAuthenticated()) { return false } else { return true }
} else {
return true
}
}
function findNote (req, res, callback, include) {
var id = req.params.noteId || req.params.shortid
models.Note.parseNoteId(id, function (err, _id) {
if (err) {
logger.error(err)
return response.errorInternalError(res)
}
models.Note.findOne({
where: {
id: _id
},
include: include || null
}).then(function (note) {
if (!note) {
return newNote(req, res, null)
}
if (!checkViewPermission(req, note)) {
return response.errorForbidden(res)
} else {
return callback(note)
}
}).catch(function (err) {
logger.error(err)
return response.errorInternalError(res)
})
})
return noteUtil.newNote(req, res, body)
}
function showNote (req, res, next) {
findNote(req, res, function (note) {
noteUtil.findNote(req, res, function (note) {
// force to use note id
var noteId = req.params.noteId
var id = models.Note.encodeNoteId(note.id)
@ -202,7 +102,7 @@ function showPublishNote (req, res, next) {
model: models.User,
as: 'lastchangeuser'
}]
findNote(req, res, function (note) {
noteUtil.findNote(req, res, function (note) {
// force to use short id
var shortid = req.params.shortid
if ((note.alias && shortid !== note.alias) || (!note.alias && shortid !== note.shortid)) {
@ -210,7 +110,7 @@ function showPublishNote (req, res, next) {
}
note.increment('viewcount').then(function (note) {
if (!note) {
return response.errorNotFound(res)
return errors.errorNotFound(res)
}
var body = note.content
var extracted = models.Note.extractMeta(body)
@ -242,7 +142,7 @@ function showPublishNote (req, res, next) {
return renderPublish(data, res)
}).catch(function (err) {
logger.error(err)
return response.errorInternalError(res)
return errors.errorInternalError(res)
})
}, include)
}
@ -254,188 +154,12 @@ function renderPublish (data, res) {
res.render('pretty.ejs', data)
}
function actionPublish (req, res, note) {
res.redirect(config.serverURL + '/s/' + (note.alias || note.shortid))
}
function actionSlide (req, res, note) {
res.redirect(config.serverURL + '/p/' + (note.alias || note.shortid))
}
function actionDownload (req, res, note) {
var body = note.content
var title = models.Note.decodeTitle(note.title)
var filename = title
filename = encodeURIComponent(filename)
res.set({
'Access-Control-Allow-Origin': '*', // allow CORS as API
'Access-Control-Allow-Headers': 'Range',
'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range',
'Content-Type': 'text/markdown; charset=UTF-8',
'Cache-Control': 'private',
'Content-disposition': 'attachment; filename=' + filename + '.md',
'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
})
res.send(body)
}
function actionInfo (req, res, note) {
var body = note.content
var extracted = models.Note.extractMeta(body)
var markdown = extracted.markdown
var meta = models.Note.parseMeta(extracted.meta)
var createtime = note.createdAt
var updatetime = note.lastchangeAt
var title = models.Note.decodeTitle(note.title)
var data = {
title: meta.title || title,
description: meta.description || (markdown ? models.Note.generateDescription(markdown) : null),
viewcount: note.viewcount,
createtime: createtime,
updatetime: updatetime
}
res.set({
'Access-Control-Allow-Origin': '*', // allow CORS as API
'Access-Control-Allow-Headers': 'Range',
'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range',
'Cache-Control': 'private', // only cache by client
'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
})
res.send(data)
}
function actionPDF (req, res, note) {
var url = config.serverURL || 'http://' + req.get('host')
var body = note.content
var extracted = models.Note.extractMeta(body)
var content = extracted.markdown
var title = models.Note.decodeTitle(note.title)
if (!fs.existsSync(config.tmpPath)) {
fs.mkdirSync(config.tmpPath)
}
var path = config.tmpPath + '/' + Date.now() + '.pdf'
content = content.replace(/\]\(\//g, '](' + url + '/')
markdownpdf().from.string(content).to(path, function () {
if (!fs.existsSync(path)) {
logger.error('PDF seems to not be generated as expected. File doesn\'t exist: ' + path)
return response.errorInternalError(res)
}
var stream = fs.createReadStream(path)
var filename = title
// Be careful of special characters
filename = encodeURIComponent(filename)
// Ideally this should strip them
res.setHeader('Content-disposition', 'attachment; filename="' + filename + '.pdf"')
res.setHeader('Cache-Control', 'private')
res.setHeader('Content-Type', 'application/pdf; charset=UTF-8')
res.setHeader('X-Robots-Tag', 'noindex, nofollow') // prevent crawling
stream.pipe(res)
fs.unlinkSync(path)
})
}
function actionGist (req, res, note) {
var data = {
client_id: config.github.clientID,
redirect_uri: config.serverURL + '/auth/github/callback/' + models.Note.encodeNoteId(note.id) + '/gist',
scope: 'gist',
state: shortId.generate()
}
var query = querystring.stringify(data)
res.redirect('https://github.com/login/oauth/authorize?' + query)
}
function actionRevision (req, res, note) {
var actionId = req.params.actionId
if (actionId) {
var time = moment(parseInt(actionId))
if (time.isValid()) {
models.Revision.getPatchedNoteRevisionByTime(note, time, function (err, content) {
if (err) {
logger.error(err)
return response.errorInternalError(res)
}
if (!content) {
return response.errorNotFound(res)
}
res.set({
'Access-Control-Allow-Origin': '*', // allow CORS as API
'Access-Control-Allow-Headers': 'Range',
'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range',
'Cache-Control': 'private', // only cache by client
'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
})
res.send(content)
})
} else {
return response.errorNotFound(res)
}
} else {
models.Revision.getNoteRevisions(note, function (err, data) {
if (err) {
logger.error(err)
return response.errorInternalError(res)
}
var out = {
revision: data
}
res.set({
'Access-Control-Allow-Origin': '*', // allow CORS as API
'Access-Control-Allow-Headers': 'Range',
'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range',
'Cache-Control': 'private', // only cache by client
'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
})
res.send(out)
})
}
}
function noteActions (req, res, next) {
var noteId = req.params.noteId
findNote(req, res, function (note) {
var action = req.params.action
switch (action) {
case 'publish':
case 'pretty': // pretty deprecated
actionPublish(req, res, note)
break
case 'slide':
actionSlide(req, res, note)
break
case 'download':
actionDownload(req, res, note)
break
case 'info':
actionInfo(req, res, note)
break
case 'pdf':
if (config.allowPDFExport) {
actionPDF(req, res, note)
} else {
logger.error('PDF export failed: Disabled by config. Set "allowPDFExport: true" to enable. Check the documentation for details')
response.errorForbidden(res)
}
break
case 'gist':
actionGist(req, res, note)
break
case 'revision':
actionRevision(req, res, note)
break
default:
return res.redirect(config.serverURL + '/' + noteId)
}
})
}
function publishNoteActions (req, res, next) {
findNote(req, res, function (note) {
noteUtil.findNote(req, res, function (note) {
var action = req.params.action
switch (action) {
case 'download':
actionDownload(req, res, note)
noteActions.actionDownload(req, res, note)
break
case 'edit':
res.redirect(config.serverURL + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)) + '?both')
@ -448,7 +172,7 @@ function publishNoteActions (req, res, next) {
}
function publishSlideActions (req, res, next) {
findNote(req, res, function (note) {
noteUtil.findNote(req, res, function (note) {
var action = req.params.action
switch (action) {
case 'edit':
@ -463,7 +187,7 @@ function publishSlideActions (req, res, next) {
function githubActions (req, res, next) {
var noteId = req.params.noteId
findNote(req, res, function (note) {
noteUtil.findNote(req, res, function (note) {
var action = req.params.action
switch (action) {
case 'gist':
@ -480,7 +204,7 @@ function githubActionGist (req, res, note) {
var code = req.query.code
var state = req.query.state
if (!code || !state) {
return response.errorForbidden(res)
return errors.errorForbidden(res)
} else {
var data = {
client_id: config.github.clientID,
@ -520,14 +244,14 @@ function githubActionGist (req, res, note) {
res.setHeader('referer', '')
res.redirect(body.html_url)
} else {
return response.errorForbidden(res)
return errors.errorForbidden(res)
}
})
} else {
return response.errorForbidden(res)
return errors.errorForbidden(res)
}
} else {
return response.errorForbidden(res)
return errors.errorForbidden(res)
}
})
}
@ -535,7 +259,7 @@ function githubActionGist (req, res, note) {
function gitlabActions (req, res, next) {
var noteId = req.params.noteId
findNote(req, res, function (note) {
noteUtil.findNote(req, res, function (note) {
var action = req.params.action
switch (action) {
case 'projects':
@ -555,7 +279,7 @@ function gitlabActionProjects (req, res, note) {
id: req.user.id
}
}).then(function (user) {
if (!user) { return response.errorNotFound(res) }
if (!user) { return errors.errorNotFound(res) }
var ret = { baseURL: config.gitlab.baseURL, version: config.gitlab.version }
ret.accesstoken = user.accessToken
ret.profileid = user.profileid
@ -572,10 +296,10 @@ function gitlabActionProjects (req, res, note) {
)
}).catch(function (err) {
logger.error('gitlab action projects failed: ' + err)
return response.errorInternalError(res)
return errors.errorInternalError(res)
})
} else {
return response.errorForbidden(res)
return errors.errorForbidden(res)
}
}
@ -587,13 +311,13 @@ function showPublishSlide (req, res, next) {
model: models.User,
as: 'lastchangeuser'
}]
findNote(req, res, function (note) {
noteUtil.findNote(req, res, function (note) {
// force to use short id
var shortid = req.params.shortid
if ((note.alias && shortid !== note.alias) || (!note.alias && shortid !== note.shortid)) { return res.redirect(config.serverURL + '/p/' + (note.alias || note.shortid)) }
note.increment('viewcount').then(function (note) {
if (!note) {
return response.errorNotFound(res)
return errors.errorNotFound(res)
}
var body = note.content
var extracted = models.Note.extractMeta(body)
@ -625,7 +349,7 @@ function showPublishSlide (req, res, next) {
return renderPublishSlide(data, res)
}).catch(function (err) {
logger.error(err)
return response.errorInternalError(res)
return errors.errorInternalError(res)
})
}, include)
}

12
lib/web/auth/email/index.js
View file

@ -9,7 +9,7 @@ const models = require('../../../models')
const logger = require('../../../logger')
const { setReturnToFromReferer } = require('../utils')
const { urlencodedParser } = require('../../utils')
const response = require('../../../response')
const errors = require('../../../errors')
let emailAuth = module.exports = Router()
@ -39,8 +39,8 @@ passport.use(new LocalStrategy({
if (config.allowEmailRegister) {
emailAuth.post('/register', urlencodedParser, function (req, res, next) {
if (!req.body.email || !req.body.password) return response.errorBadRequest(res)
if (!validator.isEmail(req.body.email)) return response.errorBadRequest(res)
if (!req.body.email || !req.body.password) return errors.errorBadRequest(res)
if (!validator.isEmail(req.body.email)) return errors.errorBadRequest(res)
models.User.findOrCreate({
where: {
email: req.body.email
@ -63,14 +63,14 @@ if (config.allowEmailRegister) {
return res.redirect(config.serverURL + '/')
}).catch(function (err) {
logger.error('auth callback failed: ' + err)
return response.errorInternalError(res)
return errors.errorInternalError(res)
})
})
}
emailAuth.post('/login', urlencodedParser, function (req, res, next) {
if (!req.body.email || !req.body.password) return response.errorBadRequest(res)
if (!validator.isEmail(req.body.email)) return response.errorBadRequest(res)
if (!req.body.email || !req.body.password) return errors.errorBadRequest(res)
if (!validator.isEmail(req.body.email)) return errors.errorBadRequest(res)
setReturnToFromReferer(req)
passport.authenticate('local', {
successReturnToOrRedirect: config.serverURL + '/',

4
lib/web/auth/ldap/index.js
View file

@ -8,7 +8,7 @@ const models = require('../../../models')
const logger = require('../../../logger')
const { setReturnToFromReferer } = require('../utils')
const { urlencodedParser } = require('../../utils')
const response = require('../../../response')
const errors = require('../../../errors')
let ldapAuth = module.exports = Router()
@ -81,7 +81,7 @@ passport.use(new LDAPStrategy({
}))
ldapAuth.post('/auth/ldap', urlencodedParser, function (req, res, next) {
if (!req.body.username || !req.body.password) return response.errorBadRequest(res)
if (!req.body.username || !req.body.password) return errors.errorBadRequest(res)
setReturnToFromReferer(req)
passport.authenticate('ldapauth', {
successReturnToOrRedirect: config.serverURL + '/',

8
lib/web/baseRouter.js
View file

@ -6,17 +6,19 @@ const response = require('../response')
const baseRouter = module.exports = Router()
const errors = require('../errors')
// get index
baseRouter.get('/', response.showIndex)
// get 403 forbidden
baseRouter.get('/403', function (req, res) {
response.errorForbidden(res)
errors.errorForbidden(res)
})
// get 404 not found
baseRouter.get('/404', function (req, res) {
response.errorNotFound(res)
errors.errorNotFound(res)
})
// get 500 internal error
baseRouter.get('/500', function (req, res) {
response.errorInternalError(res)
errors.errorInternalError(res)
})

4
lib/web/imageRouter/index.js
View file

@ -5,7 +5,7 @@ const formidable = require('formidable')
const config = require('../../config')
const logger = require('../../logger')
const response = require('../../response')
const errors = require('../../errors')
const imageRouter = module.exports = Router()
@ -22,7 +22,7 @@ imageRouter.post('/uploadimage', function (req, res) {
form.parse(req, function (err, fields, files) {
if (err || !files.image || !files.image.path) {
logger.error(`formidable error: ${err}`)
response.errorForbidden(res)
errors.errorForbidden(res)
} else {
logger.debug(`SERVER received uploadimage: ${JSON.stringify(files.image)}`)

4
lib/web/middleware/checkURIValid.js
View file

@ -1,14 +1,14 @@
'use strict'
const logger = require('../../logger')
const response = require('../../response')
const errors = require('../../errors')
module.exports = function (req, res, next) {
try {
decodeURIComponent(req.path)
} catch (err) {
logger.error(err)
return response.errorBadRequest(res)
return errors.errorBadRequest(res)
}
next()
}

4
lib/web/middleware/tooBusy.js
View file

@ -2,14 +2,14 @@
const toobusy = require('toobusy-js')
const response = require('../../response')
const errors = require('../../errors')
const config = require('../../config')
toobusy.maxLag(config.tooBusyLag)
module.exports = function (req, res, next) {
if (toobusy()) {
response.errorServiceUnavailable(res)
errors.errorServiceUnavailable(res)
} else {
next()
}

187
lib/web/note/actions.js Normal file
View file

@ -0,0 +1,187 @@
'use strict'
const models = require('../../models')
const logger = require('../../logger')
const config = require('../../config')
const error = require('../../errors')
const fs = require('fs')
const shortId = require('shortid')
const markdownpdf = require('markdown-pdf')
const moment = require('moment')
const querystring = require('querystring')
const noteUtil = require('./util')
exports.doAction = function (req, res, next) {
const noteId = req.params.noteId
noteUtil.findNote(req, res, function (note) {
const action = req.params.action
switch (action) {
case 'publish':
case 'pretty': // pretty deprecated
actionPublish(req, res, note)
break
case 'slide':
actionSlide(req, res, note)
break
case 'download':
exports.actionDownload(req, res, note)
break
case 'info':
actionInfo(req, res, note)
break
case 'pdf':
if (config.allowPDFExport) {
actionPDF(req, res, note)
} else {
logger.error('PDF export failed: Disabled by config. Set "allowPDFExport: true" to enable. Check the documentation for details')
error.errorForbidden(res)
}
break
case 'gist':
actionGist(req, res, note)
break
case 'revision':
actionRevision(req, res, note)
break
default:
return res.redirect(config.serverURL + '/' + noteId)
}
})
}
function actionPublish (req, res, note) {
res.redirect(config.serverURL + '/s/' + (note.alias || note.shortid))
}
function actionSlide (req, res, note) {
res.redirect(config.serverURL + '/p/' + (note.alias || note.shortid))
}
exports.actionDownload = function (req, res, note) {
const body = note.content
let filename = models.Note.decodeTitle(note.title)
filename = encodeURIComponent(filename)
res.set({
'Access-Control-Allow-Origin': '*', // allow CORS as API
'Access-Control-Allow-Headers': 'Range',
'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range',
'Content-Type': 'text/markdown; charset=UTF-8',
'Cache-Control': 'private',
'Content-disposition': 'attachment; filename=' + filename + '.md',
'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
})
res.send(body)
}
function actionInfo (req, res, note) {
const body = note.content
const extracted = models.Note.extractMeta(body)
const markdown = extracted.markdown
const meta = models.Note.parseMeta(extracted.meta)
const createtime = note.createdAt
const updatetime = note.lastchangeAt
const title = models.Note.decodeTitle(note.title)
const data = {
title: meta.title || title,
description: meta.description || (markdown ? models.Note.generateDescription(markdown) : null),
viewcount: note.viewcount,
createtime: createtime,
updatetime: updatetime
}
res.set({
'Access-Control-Allow-Origin': '*', // allow CORS as API
'Access-Control-Allow-Headers': 'Range',
'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range',
'Cache-Control': 'private', // only cache by client
'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
})
res.send(data)
}
function actionPDF (req, res, note) {
const url = config.serverURL || 'http://' + req.get('host')
const body = note.content
const extracted = models.Note.extractMeta(body)
let content = extracted.markdown
const title = models.Note.decodeTitle(note.title)
if (!fs.existsSync(config.tmpPath)) {
fs.mkdirSync(config.tmpPath)
}
const path = config.tmpPath + '/' + Date.now() + '.pdf'
content = content.replace(/\]\(\//g, '](' + url + '/')
markdownpdf().from.string(content).to(path, function () {
if (!fs.existsSync(path)) {
logger.error('PDF seems to not be generated as expected. File doesn\'t exist: ' + path)
return error.errorInternalError(res)
}
const stream = fs.createReadStream(path)
let filename = title
// Be careful of special characters
filename = encodeURIComponent(filename)
// Ideally this should strip them
res.setHeader('Content-disposition', 'attachment; filename="' + filename + '.pdf"')
res.setHeader('Cache-Control', 'private')
res.setHeader('Content-Type', 'application/pdf; charset=UTF-8')
res.setHeader('X-Robots-Tag', 'noindex, nofollow') // prevent crawling
stream.pipe(res)
fs.unlinkSync(path)
})
}
function actionGist (req, res, note) {
const data = {
client_id: config.github.clientID,
redirect_uri: config.serverURL + '/auth/github/callback/' + models.Note.encodeNoteId(note.id) + '/gist',
scope: 'gist',
state: shortId.generate()
}
const query = querystring.stringify(data)
res.redirect('https://github.com/login/oauth/authorize?' + query)
}
function actionRevision (req, res, note) {
const actionId = req.params.actionId
if (actionId) {
const time = moment(parseInt(actionId))
if (time.isValid()) {
models.Revision.getPatchedNoteRevisionByTime(note, time, function (err, content) {
if (err) {
logger.error(err)
return error.errorInternalError(res)
}
if (!content) {
return error.errorNotFound(res)
}
res.set({
'Access-Control-Allow-Origin': '*', // allow CORS as API
'Access-Control-Allow-Headers': 'Range',
'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range',
'Cache-Control': 'private', // only cache by client
'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
})
res.send(content)
})
} else {
return error.errorNotFound(res)
}
} else {
models.Revision.getNoteRevisions(note, function (err, data) {
if (err) {
logger.error(err)
return error.errorInternalError(res)
}
const out = {
revision: data
}
res.set({
'Access-Control-Allow-Origin': '*', // allow CORS as API
'Access-Control-Allow-Headers': 'Range',
'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range',
'Cache-Control': 'private', // only cache by client
'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
})
res.send(out)
})
}
}

32
lib/web/note/router.js Normal file
View file

@ -0,0 +1,32 @@
'use strict'
const Router = require('express').Router
const response = require('../../response')
const { markdownParser } = require('../utils')
const router = module.exports = Router()
const noteActions = require('./actions')
// get new note
router.get('/new', response.postNote)
// post new note with content
router.post('/new', markdownParser, response.postNote)
// post new note with content and alias
router.post('/new/:noteId', markdownParser, response.postNote)
// get publish note
router.get('/s/:shortid', response.showPublishNote)
// publish note actions
router.get('/s/:shortid/:action', response.publishNoteActions)
// get publish slide
router.get('/p/:shortid', response.showPublishSlide)
// publish slide actions
router.get('/p/:shortid/:action', response.publishSlideActions)
// get note by id
router.get('/:noteId', response.showNote)
// note actions
router.get('/:noteId/:action', noteActions.doAction)
// note actions with action id
router.get('/:noteId/:action/:actionId', noteActions.doAction)

67
lib/web/note/util.js Normal file
View file

@ -0,0 +1,67 @@
const models = require('../../models')
const logger = require('../../logger')
const config = require('../../config')
const errors = require('../../errors')
exports.findNote = function (req, res, callback, include) {
const id = req.params.noteId || req.params.shortid
models.Note.parseNoteId(id, function (err, _id) {
if (err) {
logger.error(err)
return errors.errorInternalError(res)
}
models.Note.findOne({
where: {
id: _id
},
include: include || null
}).then(function (note) {
if (!note) {
return exports.newNote(req, res, null)
}
if (!exports.checkViewPermission(req, note)) {
return errors.errorForbidden(res)
} else {
return callback(note)
}
}).catch(function (err) {
logger.error(err)
return errors.errorInternalError(res)
})
})
}
exports.checkViewPermission = function (req, note) {
if (note.permission === 'private') {
return !(!req.isAuthenticated() || note.ownerId !== req.user.id)
} else if (note.permission === 'limited' || note.permission === 'protected') {
return req.isAuthenticated()
} else {
return true
}
}
exports.newNote = function (req, res, body) {
let owner = null
const noteId = req.params.noteId ? req.params.noteId : null
if (req.isAuthenticated()) {
owner = req.user.id
} else if (!config.allowAnonymous) {
return errors.errorForbidden(res)
}
if (config.allowFreeURL && noteId && !config.forbiddenNoteIDs.includes(noteId)) {
req.alias = noteId
} else if (noteId) {
return req.method === 'POST' ? errors.errorForbidden(res) : errors.errorNotFound(res)
}
models.Note.create({
ownerId: owner,
alias: req.alias ? req.alias : null,
content: body
}).then(function (note) {
return res.redirect(config.serverURL + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)))
}).catch(function (err) {
logger.error(err)
return errors.errorInternalError(res)
})
}

30
lib/web/noteRouter.js
View file

@ -1,30 +0,0 @@
'use strict'
const Router = require('express').Router
const response = require('../response')
const { markdownParser } = require('./utils')
const noteRouter = module.exports = Router()
// get new note
noteRouter.get('/new', response.postNote)
// post new note with content
noteRouter.post('/new', markdownParser, response.postNote)
// post new note with content and alias
noteRouter.post('/new/:noteId', markdownParser, response.postNote)
// get publish note
noteRouter.get('/s/:shortid', response.showPublishNote)
// publish note actions
noteRouter.get('/s/:shortid/:action', response.publishNoteActions)
// get publish slide
noteRouter.get('/p/:shortid', response.showPublishSlide)
// publish slide actions
noteRouter.get('/p/:shortid/:action', response.publishSlideActions)
// get note by id
noteRouter.get('/:noteId', response.showNote)
// note actions
noteRouter.get('/:noteId/:action', response.noteActions)
// note actions with action id
noteRouter.get('/:noteId/:action/:actionId', response.noteActions)

18
lib/web/statusRouter.js
View file

@ -2,7 +2,7 @@
const Router = require('express').Router
const response = require('../response')
const errors = require('../errors')
const realtime = require('../realtime')
const config = require('../config')
const models = require('../models')
@ -27,11 +27,11 @@ statusRouter.get('/status', function (req, res, next) {
statusRouter.get('/temp', function (req, res) {
var host = req.get('host')
if (config.allowOrigin.indexOf(host) === -1) {
response.errorForbidden(res)
errors.errorForbidden(res)
} else {
var tempid = req.query.tempid
if (!tempid) {
response.errorForbidden(res)
errors.errorForbidden(res)
} else {
models.Temp.findOne({
where: {
@ -39,7 +39,7 @@ statusRouter.get('/temp', function (req, res) {
}
}).then(function (temp) {
if (!temp) {
response.errorNotFound(res)
errors.errorNotFound(res)
} else {
res.header('Access-Control-Allow-Origin', '*')
res.send({
@ -53,7 +53,7 @@ statusRouter.get('/temp', function (req, res) {
}
}).catch(function (err) {
logger.error(err)
return response.errorInternalError(res)
return errors.errorInternalError(res)
})
}
}
@ -62,11 +62,11 @@ statusRouter.get('/temp', function (req, res) {
statusRouter.post('/temp', urlencodedParser, function (req, res) {
var host = req.get('host')
if (config.allowOrigin.indexOf(host) === -1) {
response.errorForbidden(res)
errors.errorForbidden(res)
} else {
var data = req.body.data
if (!data) {
response.errorForbidden(res)
errors.errorForbidden(res)
} else {
logger.debug(`SERVER received temp from [${host}]: ${req.body.data}`)
models.Temp.create({
@ -79,11 +79,11 @@ statusRouter.post('/temp', urlencodedParser, function (req, res) {
id: temp.id
})
} else {
response.errorInternalError(res)
errors.errorInternalError(res)
}
}).catch(function (err) {
logger.error(err)
return response.errorInternalError(res)
return errors.errorInternalError(res)
})
}
}

22
lib/web/userRouter.js
View file

@ -4,7 +4,7 @@ const archiver = require('archiver')
const async = require('async')
const Router = require('express').Router
const response = require('../response')
const errors = require('../errors')
const config = require('../config')
const models = require('../models')
const logger = require('../logger')
@ -20,7 +20,7 @@ UserRouter.get('/me', function (req, res) {
id: req.user.id
}
}).then(function (user) {
if (!user) { return response.errorNotFound(res) }
if (!user) { return errors.errorNotFound(res) }
var profile = models.User.getProfile(user)
res.send({
status: 'ok',
@ -30,7 +30,7 @@ UserRouter.get('/me', function (req, res) {
})
}).catch(function (err) {
logger.error('read me failed: ' + err)
return response.errorInternalError(res)
return errors.errorInternalError(res)
})
} else {
res.send({
@ -48,21 +48,21 @@ UserRouter.get('/me/delete/:token?', function (req, res) {
}
}).then(function (user) {
if (!user) {
return response.errorNotFound(res)
return errors.errorNotFound(res)
}
if (user.deleteToken === req.params.token) {
user.destroy().then(function () {
res.redirect(config.serverURL + '/')
})
} else {
return response.errorForbidden(res)
return errors.errorForbidden(res)
}
}).catch(function (err) {
logger.error('delete user failed: ' + err)
return response.errorInternalError(res)
return errors.errorInternalError(res)
})
} else {
return response.errorForbidden(res)
return errors.errorForbidden(res)
}
})
@ -78,7 +78,7 @@ UserRouter.get('/me/export', function (req, res) {
archive.pipe(res)
archive.on('error', function (err) {
logger.error('export user data failed: ' + err)
return response.errorInternalError(res)
return errors.errorInternalError(res)
})
models.User.findOne({
where: {
@ -107,7 +107,7 @@ UserRouter.get('/me/export', function (req, res) {
callback(null, null)
}, function (err) {
if (err) {
return response.errorInternalError(res)
return errors.errorInternalError(res)
}
archive.finalize()
@ -115,10 +115,10 @@ UserRouter.get('/me/export', function (req, res) {
})
}).catch(function (err) {
logger.error('export user data failed: ' + err)
return response.errorInternalError(res)
return errors.errorInternalError(res)
})
} else {
return response.errorForbidden(res)
return errors.errorForbidden(res)
}
})