Move note actions to their own file.

Because of circular import problems, this commit also moves the error messages from response.js to errors.js

Signed-off-by: David Mehren <dmehren1@gmail.com>

app.js

@@ -22,7 +22,7 @@ var flash = require('connect-flash')
 // core
 var config = require('./lib/config')
 var logger = require('./lib/logger')
-var response = require('./lib/response')
+var errors = require('./lib/errors')
 var models = require('./lib/models')
 var csp = require('./lib/csp')
 
@@ -212,11 +212,11 @@ app.use(require('./lib/web/auth'))
 app.use(require('./lib/web/historyRouter'))
 app.use(require('./lib/web/userRouter'))
 app.use(require('./lib/web/imageRouter'))
-app.use(require('./lib/web/noteRouter'))
+app.use(require('./lib/web/note/router'))
 
 // response not found if no any route matxches
 app.get('*', function (req, res) {
-  response.errorNotFound(res)
+  errors.errorNotFound(res)
 })
 
 // socket.io secure

lib/errors.js

@@ -0,0 +1,38 @@
+const config = require('./config')
+
+module.exports = {
+  errorForbidden: function (res) {
+    const { req } = res
+    if (req.user) {
+      responseError(res, '403', 'Forbidden', 'oh no.')
+    } else {
+      req.flash('error', 'You are not allowed to access this page. Maybe try logging in?')
+      res.redirect(config.serverURL + '/')
+    }
+  },
+  errorNotFound: function (res) {
+    responseError(res, '404', 'Not Found', 'oops.')
+  },
+  errorBadRequest: function (res) {
+    responseError(res, '400', 'Bad Request', 'something not right.')
+  },
+  errorTooLong: function (res) {
+    responseError(res, '413', 'Payload Too Large', 'Shorten your note!')
+  },
+  errorInternalError: function (res) {
+    responseError(res, '500', 'Internal Error', 'wtf.')
+  },
+  errorServiceUnavailable: function (res) {
+    res.status(503).send('I\'m busy right now, try again later.')
+  }
+}
+
+function responseError (res, code, detail, msg) {
+  res.status(code).render('error.ejs', {
+    title: code + ' ' + detail + ' ' + msg,
+    code: code,
+    detail: detail,
+    msg: msg,
+    opengraph: []
+  })
+}

lib/history.js

@@ -5,8 +5,8 @@ var LZString = require('lz-string')
 
 // core
 var logger = require('./logger')
-var response = require('./response')
 var models = require('./models')
+const errors = require('./errors')
 
 // public
 var History = {
@@ -121,14 +121,14 @@ function parseHistoryToObject (history) {
 function historyGet (req, res) {
   if (req.isAuthenticated()) {
     getHistory(req.user.id, function (err, history) {
-      if (err) return response.errorInternalError(res)
+      if (err) return errors.errorInternalError(res)
-      if (!history) return response.errorNotFound(res)
+      if (!history) return errors.errorNotFound(res)
       res.send({
         history: parseHistoryToArray(history)
       })
     })
   } else {
-    return response.errorForbidden(res)
+    return errors.errorForbidden(res)
   }
 }
 
@@ -136,40 +136,40 @@ function historyPost (req, res) {
   if (req.isAuthenticated()) {
     var noteId = req.params.noteId
     if (!noteId) {
-      if (typeof req.body['history'] === 'undefined') return response.errorBadRequest(res)
+      if (typeof req.body['history'] === 'undefined') return errors.errorBadRequest(res)
       logger.debug(`SERVER received history from [${req.user.id}]: ${req.body.history}`)
       try {
         var history = JSON.parse(req.body.history)
       } catch (err) {
-        return response.errorBadRequest(res)
+        return errors.errorBadRequest(res)
       }
       if (Array.isArray(history)) {
         setHistory(req.user.id, history, function (err, count) {
-          if (err) return response.errorInternalError(res)
+          if (err) return errors.errorInternalError(res)
           res.end()
         })
       } else {
-        return response.errorBadRequest(res)
+        return errors.errorBadRequest(res)
       }
     } else {
-      if (typeof req.body['pinned'] === 'undefined') return response.errorBadRequest(res)
+      if (typeof req.body['pinned'] === 'undefined') return errors.errorBadRequest(res)
       getHistory(req.user.id, function (err, history) {
-        if (err) return response.errorInternalError(res)
+        if (err) return errors.errorInternalError(res)
-        if (!history) return response.errorNotFound(res)
+        if (!history) return errors.errorNotFound(res)
-        if (!history[noteId]) return response.errorNotFound(res)
+        if (!history[noteId]) return errors.errorNotFound(res)
         if (req.body.pinned === 'true' || req.body.pinned === 'false') {
           history[noteId].pinned = (req.body.pinned === 'true')
           setHistory(req.user.id, history, function (err, count) {
-            if (err) return response.errorInternalError(res)
+            if (err) return errors.errorInternalError(res)
             res.end()
           })
         } else {
-          return response.errorBadRequest(res)
+          return errors.errorBadRequest(res)
         }
       })
     }
   } else {
-    return response.errorForbidden(res)
+    return errors.errorForbidden(res)
   }
 }
 
@@ -178,22 +178,22 @@ function historyDelete (req, res) {
     var noteId = req.params.noteId
     if (!noteId) {
       setHistory(req.user.id, [], function (err, count) {
-        if (err) return response.errorInternalError(res)
+        if (err) return errors.errorInternalError(res)
         res.end()
       })
     } else {
       getHistory(req.user.id, function (err, history) {
-        if (err) return response.errorInternalError(res)
+        if (err) return errors.errorInternalError(res)
-        if (!history) return response.errorNotFound(res)
+        if (!history) return errors.errorNotFound(res)
         delete history[noteId]
         setHistory(req.user.id, history, function (err, count) {
-          if (err) return response.errorInternalError(res)
+          if (err) return errors.errorInternalError(res)
           res.end()
         })
       })
     }
   } else {
-    return response.errorForbidden(res)
+    return errors.errorForbidden(res)
   }
 }
 

lib/response.js

@@ -3,49 +3,22 @@
 // external modules
 var fs = require('fs')
 var path = require('path')
-var markdownpdf = require('markdown-pdf')
-var shortId = require('shortid')
-var querystring = require('querystring')
 var request = require('request')
-var moment = require('moment')
-
 // core
 var config = require('./config')
 var logger = require('./logger')
 var models = require('./models')
 var utils = require('./utils')
+const noteUtil = require('./web/note/util')
+const noteActions = require('./web/note/actions')
+const errors = require('./errors')
 
 // public
 var response = {
-  errorForbidden: function (res) {
-    const { req } = res
-    if (req.user) {
-      responseError(res, '403', 'Forbidden', 'oh no.')
-    } else {
-      req.flash('error', 'You are not allowed to access this page. Maybe try logging in?')
-      res.redirect(config.serverURL + '/')
-    }
-  },
-  errorNotFound: function (res) {
-    responseError(res, '404', 'Not Found', 'oops.')
-  },
-  errorBadRequest: function (res) {
-    responseError(res, '400', 'Bad Request', 'something not right.')
-  },
-  errorTooLong: function (res) {
-    responseError(res, '413', 'Payload Too Large', 'Shorten your note!')
-  },
-  errorInternalError: function (res) {
-    responseError(res, '500', 'Internal Error', 'wtf.')
-  },
-  errorServiceUnavailable: function (res) {
-    res.status(503).send("I'm busy right now, try again later.")
-  },
   showNote: showNote,
   showPublishNote: showPublishNote,
   showPublishSlide: showPublishSlide,
   showIndex: showIndex,
-  noteActions: noteActions,
   postNote: postNote,
   publishNoteActions: publishNoteActions,
   publishSlideActions: publishSlideActions,
@@ -53,16 +26,6 @@ var response = {
   gitlabActions: gitlabActions
 }
 
-function responseError (res, code, detail, msg) {
-  res.status(code).render('error.ejs', {
-    title: code + ' ' + detail + ' ' + msg,
-    code: code,
-    detail: detail,
-    msg: msg,
-    opengraph: []
-  })
-}
-
 function showIndex (req, res, next) {
   var authStatus = req.isAuthenticated()
   var deleteToken = ''
@@ -113,79 +76,16 @@ function responseCodiMD (res, note) {
 function postNote (req, res, next) {
   var body = ''
   if (req.body && req.body.length > config.documentMaxLength) {
-    return response.errorTooLong(res)
+    return errors.errorTooLong(res)
   } else if (req.body) {
     body = req.body
   }
   body = body.replace(/[\r]/g, '')
-  return newNote(req, res, body)
+  return noteUtil.newNote(req, res, body)
-}
-
-function newNote (req, res, body) {
-  var owner = null
-  var noteId = req.params.noteId ? req.params.noteId : null
-  if (req.isAuthenticated()) {
-    owner = req.user.id
-  } else if (!config.allowAnonymous) {
-    return response.errorForbidden(res)
-  }
-  if (config.allowFreeURL && noteId && !config.forbiddenNoteIDs.includes(noteId)) {
-    req.alias = noteId
-  } else if (noteId) {
-    return req.method === 'POST' ? response.errorForbidden(res) : response.errorNotFound(res)
-  }
-  models.Note.create({
-    ownerId: owner,
-    alias: req.alias ? req.alias : null,
-    content: body
-  }).then(function (note) {
-    return res.redirect(config.serverURL + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)))
-  }).catch(function (err) {
-    logger.error(err)
-    return response.errorInternalError(res)
-  })
-}
-
-function checkViewPermission (req, note) {
-  if (note.permission === 'private') {
-    if (!req.isAuthenticated() || note.ownerId !== req.user.id) { return false } else { return true }
-  } else if (note.permission === 'limited' || note.permission === 'protected') {
-    if (!req.isAuthenticated()) { return false } else { return true }
-  } else {
-    return true
-  }
-}
-
-function findNote (req, res, callback, include) {
-  var id = req.params.noteId || req.params.shortid
-  models.Note.parseNoteId(id, function (err, _id) {
-    if (err) {
-      logger.error(err)
-      return response.errorInternalError(res)
-    }
-    models.Note.findOne({
-      where: {
-        id: _id
-      },
-      include: include || null
-    }).then(function (note) {
-      if (!note) {
-        return newNote(req, res, null)
-      }
-      if (!checkViewPermission(req, note)) {
-        return response.errorForbidden(res)
-      } else {
-        return callback(note)
-      }
-    }).catch(function (err) {
-      logger.error(err)
-      return response.errorInternalError(res)
-    })
-  })
 }
 
 function showNote (req, res, next) {
-  findNote(req, res, function (note) {
+  noteUtil.findNote(req, res, function (note) {
     // force to use note id
     var noteId = req.params.noteId
     var id = models.Note.encodeNoteId(note.id)
@@ -202,7 +102,7 @@ function showPublishNote (req, res, next) {
     model: models.User,
     as: 'lastchangeuser'
   }]
-  findNote(req, res, function (note) {
+  noteUtil.findNote(req, res, function (note) {
     // force to use short id
     var shortid = req.params.shortid
     if ((note.alias && shortid !== note.alias) || (!note.alias && shortid !== note.shortid)) {
@@ -210,7 +110,7 @@ function showPublishNote (req, res, next) {
     }
     note.increment('viewcount').then(function (note) {
       if (!note) {
-        return response.errorNotFound(res)
+        return errors.errorNotFound(res)
       }
       var body = note.content
       var extracted = models.Note.extractMeta(body)
@@ -242,7 +142,7 @@ function showPublishNote (req, res, next) {
       return renderPublish(data, res)
     }).catch(function (err) {
       logger.error(err)
-      return response.errorInternalError(res)
+      return errors.errorInternalError(res)
     })
   }, include)
 }
@@ -254,188 +154,12 @@ function renderPublish (data, res) {
   res.render('pretty.ejs', data)
 }
 
-function actionPublish (req, res, note) {
-  res.redirect(config.serverURL + '/s/' + (note.alias || note.shortid))
-}
-
-function actionSlide (req, res, note) {
-  res.redirect(config.serverURL + '/p/' + (note.alias || note.shortid))
-}
-
-function actionDownload (req, res, note) {
-  var body = note.content
-  var title = models.Note.decodeTitle(note.title)
-  var filename = title
-  filename = encodeURIComponent(filename)
-  res.set({
-    'Access-Control-Allow-Origin': '*', // allow CORS as API
-    'Access-Control-Allow-Headers': 'Range',
-    'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range',
-    'Content-Type': 'text/markdown; charset=UTF-8',
-    'Cache-Control': 'private',
-    'Content-disposition': 'attachment; filename=' + filename + '.md',
-    'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
-  })
-  res.send(body)
-}
-
-function actionInfo (req, res, note) {
-  var body = note.content
-  var extracted = models.Note.extractMeta(body)
-  var markdown = extracted.markdown
-  var meta = models.Note.parseMeta(extracted.meta)
-  var createtime = note.createdAt
-  var updatetime = note.lastchangeAt
-  var title = models.Note.decodeTitle(note.title)
-  var data = {
-    title: meta.title || title,
-    description: meta.description || (markdown ? models.Note.generateDescription(markdown) : null),
-    viewcount: note.viewcount,
-    createtime: createtime,
-    updatetime: updatetime
-  }
-  res.set({
-    'Access-Control-Allow-Origin': '*', // allow CORS as API
-    'Access-Control-Allow-Headers': 'Range',
-    'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range',
-    'Cache-Control': 'private', // only cache by client
-    'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
-  })
-  res.send(data)
-}
-
-function actionPDF (req, res, note) {
-  var url = config.serverURL || 'http://' + req.get('host')
-  var body = note.content
-  var extracted = models.Note.extractMeta(body)
-  var content = extracted.markdown
-  var title = models.Note.decodeTitle(note.title)
-
-  if (!fs.existsSync(config.tmpPath)) {
-    fs.mkdirSync(config.tmpPath)
-  }
-  var path = config.tmpPath + '/' + Date.now() + '.pdf'
-  content = content.replace(/\]\(\//g, '](' + url + '/')
-  markdownpdf().from.string(content).to(path, function () {
-    if (!fs.existsSync(path)) {
-      logger.error('PDF seems to not be generated as expected. File doesn\'t exist: ' + path)
-      return response.errorInternalError(res)
-    }
-    var stream = fs.createReadStream(path)
-    var filename = title
-    // Be careful of special characters
-    filename = encodeURIComponent(filename)
-    // Ideally this should strip them
-    res.setHeader('Content-disposition', 'attachment; filename="' + filename + '.pdf"')
-    res.setHeader('Cache-Control', 'private')
-    res.setHeader('Content-Type', 'application/pdf; charset=UTF-8')
-    res.setHeader('X-Robots-Tag', 'noindex, nofollow') // prevent crawling
-    stream.pipe(res)
-    fs.unlinkSync(path)
-  })
-}
-
-function actionGist (req, res, note) {
-  var data = {
-    client_id: config.github.clientID,
-    redirect_uri: config.serverURL + '/auth/github/callback/' + models.Note.encodeNoteId(note.id) + '/gist',
-    scope: 'gist',
-    state: shortId.generate()
-  }
-  var query = querystring.stringify(data)
-  res.redirect('https://github.com/login/oauth/authorize?' + query)
-}
-
-function actionRevision (req, res, note) {
-  var actionId = req.params.actionId
-  if (actionId) {
-    var time = moment(parseInt(actionId))
-    if (time.isValid()) {
-      models.Revision.getPatchedNoteRevisionByTime(note, time, function (err, content) {
-        if (err) {
-          logger.error(err)
-          return response.errorInternalError(res)
-        }
-        if (!content) {
-          return response.errorNotFound(res)
-        }
-        res.set({
-          'Access-Control-Allow-Origin': '*', // allow CORS as API
-          'Access-Control-Allow-Headers': 'Range',
-          'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range',
-          'Cache-Control': 'private', // only cache by client
-          'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
-        })
-        res.send(content)
-      })
-    } else {
-      return response.errorNotFound(res)
-    }
-  } else {
-    models.Revision.getNoteRevisions(note, function (err, data) {
-      if (err) {
-        logger.error(err)
-        return response.errorInternalError(res)
-      }
-      var out = {
-        revision: data
-      }
-      res.set({
-        'Access-Control-Allow-Origin': '*', // allow CORS as API
-        'Access-Control-Allow-Headers': 'Range',
-        'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range',
-        'Cache-Control': 'private', // only cache by client
-        'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
-      })
-      res.send(out)
-    })
-  }
-}
-
-function noteActions (req, res, next) {
-  var noteId = req.params.noteId
-  findNote(req, res, function (note) {
-    var action = req.params.action
-    switch (action) {
-      case 'publish':
-      case 'pretty': // pretty deprecated
-        actionPublish(req, res, note)
-        break
-      case 'slide':
-        actionSlide(req, res, note)
-        break
-      case 'download':
-        actionDownload(req, res, note)
-        break
-      case 'info':
-        actionInfo(req, res, note)
-        break
-      case 'pdf':
-        if (config.allowPDFExport) {
-          actionPDF(req, res, note)
-        } else {
-          logger.error('PDF export failed: Disabled by config. Set "allowPDFExport: true" to enable. Check the documentation for details')
-          response.errorForbidden(res)
-        }
-        break
-      case 'gist':
-        actionGist(req, res, note)
-        break
-      case 'revision':
-        actionRevision(req, res, note)
-        break
-      default:
-        return res.redirect(config.serverURL + '/' + noteId)
-    }
-  })
-}
-
 function publishNoteActions (req, res, next) {
-  findNote(req, res, function (note) {
+  noteUtil.findNote(req, res, function (note) {
     var action = req.params.action
     switch (action) {
       case 'download':
-        actionDownload(req, res, note)
+        noteActions.actionDownload(req, res, note)
         break
       case 'edit':
         res.redirect(config.serverURL + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)) + '?both')
@@ -448,7 +172,7 @@ function publishNoteActions (req, res, next) {
 }
 
 function publishSlideActions (req, res, next) {
-  findNote(req, res, function (note) {
+  noteUtil.findNote(req, res, function (note) {
     var action = req.params.action
     switch (action) {
       case 'edit':
@@ -463,7 +187,7 @@ function publishSlideActions (req, res, next) {
 
 function githubActions (req, res, next) {
   var noteId = req.params.noteId
-  findNote(req, res, function (note) {
+  noteUtil.findNote(req, res, function (note) {
     var action = req.params.action
     switch (action) {
       case 'gist':
@@ -480,7 +204,7 @@ function githubActionGist (req, res, note) {
   var code = req.query.code
   var state = req.query.state
   if (!code || !state) {
-    return response.errorForbidden(res)
+    return errors.errorForbidden(res)
   } else {
     var data = {
       client_id: config.github.clientID,
@@ -520,14 +244,14 @@ function githubActionGist (req, res, note) {
               res.setHeader('referer', '')
               res.redirect(body.html_url)
             } else {
-              return response.errorForbidden(res)
+              return errors.errorForbidden(res)
             }
           })
         } else {
-          return response.errorForbidden(res)
+          return errors.errorForbidden(res)
         }
       } else {
-        return response.errorForbidden(res)
+        return errors.errorForbidden(res)
       }
     })
   }
@@ -535,7 +259,7 @@ function githubActionGist (req, res, note) {
 
 function gitlabActions (req, res, next) {
   var noteId = req.params.noteId
-  findNote(req, res, function (note) {
+  noteUtil.findNote(req, res, function (note) {
     var action = req.params.action
     switch (action) {
       case 'projects':
@@ -555,7 +279,7 @@ function gitlabActionProjects (req, res, note) {
         id: req.user.id
       }
     }).then(function (user) {
-      if (!user) { return response.errorNotFound(res) }
+      if (!user) { return errors.errorNotFound(res) }
       var ret = { baseURL: config.gitlab.baseURL, version: config.gitlab.version }
       ret.accesstoken = user.accessToken
       ret.profileid = user.profileid
@@ -572,10 +296,10 @@ function gitlabActionProjects (req, res, note) {
       )
     }).catch(function (err) {
       logger.error('gitlab action projects failed: ' + err)
-      return response.errorInternalError(res)
+      return errors.errorInternalError(res)
     })
   } else {
-    return response.errorForbidden(res)
+    return errors.errorForbidden(res)
   }
 }
 
@@ -587,13 +311,13 @@ function showPublishSlide (req, res, next) {
     model: models.User,
     as: 'lastchangeuser'
   }]
-  findNote(req, res, function (note) {
+  noteUtil.findNote(req, res, function (note) {
     // force to use short id
     var shortid = req.params.shortid
     if ((note.alias && shortid !== note.alias) || (!note.alias && shortid !== note.shortid)) { return res.redirect(config.serverURL + '/p/' + (note.alias || note.shortid)) }
     note.increment('viewcount').then(function (note) {
       if (!note) {
-        return response.errorNotFound(res)
+        return errors.errorNotFound(res)
       }
       var body = note.content
       var extracted = models.Note.extractMeta(body)
@@ -625,7 +349,7 @@ function showPublishSlide (req, res, next) {
       return renderPublishSlide(data, res)
     }).catch(function (err) {
       logger.error(err)
-      return response.errorInternalError(res)
+      return errors.errorInternalError(res)
     })
   }, include)
 }

lib/web/auth/email/index.js

@@ -9,7 +9,7 @@ const models = require('../../../models')
 const logger = require('../../../logger')
 const { setReturnToFromReferer } = require('../utils')
 const { urlencodedParser } = require('../../utils')
-const response = require('../../../response')
+const errors = require('../../../errors')
 
 let emailAuth = module.exports = Router()
 
@@ -39,8 +39,8 @@ passport.use(new LocalStrategy({
 
 if (config.allowEmailRegister) {
   emailAuth.post('/register', urlencodedParser, function (req, res, next) {
-    if (!req.body.email || !req.body.password) return response.errorBadRequest(res)
+    if (!req.body.email || !req.body.password) return errors.errorBadRequest(res)
-    if (!validator.isEmail(req.body.email)) return response.errorBadRequest(res)
+    if (!validator.isEmail(req.body.email)) return errors.errorBadRequest(res)
     models.User.findOrCreate({
       where: {
         email: req.body.email
@@ -63,14 +63,14 @@ if (config.allowEmailRegister) {
       return res.redirect(config.serverURL + '/')
     }).catch(function (err) {
       logger.error('auth callback failed: ' + err)
-      return response.errorInternalError(res)
+      return errors.errorInternalError(res)
     })
   })
 }
 
 emailAuth.post('/login', urlencodedParser, function (req, res, next) {
-  if (!req.body.email || !req.body.password) return response.errorBadRequest(res)
+  if (!req.body.email || !req.body.password) return errors.errorBadRequest(res)
-  if (!validator.isEmail(req.body.email)) return response.errorBadRequest(res)
+  if (!validator.isEmail(req.body.email)) return errors.errorBadRequest(res)
   setReturnToFromReferer(req)
   passport.authenticate('local', {
     successReturnToOrRedirect: config.serverURL + '/',

lib/web/auth/ldap/index.js

@@ -8,7 +8,7 @@ const models = require('../../../models')
 const logger = require('../../../logger')
 const { setReturnToFromReferer } = require('../utils')
 const { urlencodedParser } = require('../../utils')
-const response = require('../../../response')
+const errors = require('../../../errors')
 
 let ldapAuth = module.exports = Router()
 
@@ -81,7 +81,7 @@ passport.use(new LDAPStrategy({
 }))
 
 ldapAuth.post('/auth/ldap', urlencodedParser, function (req, res, next) {
-  if (!req.body.username || !req.body.password) return response.errorBadRequest(res)
+  if (!req.body.username || !req.body.password) return errors.errorBadRequest(res)
   setReturnToFromReferer(req)
   passport.authenticate('ldapauth', {
     successReturnToOrRedirect: config.serverURL + '/',

lib/web/baseRouter.js

@@ -6,17 +6,19 @@ const response = require('../response')
 
 const baseRouter = module.exports = Router()
 
+const errors = require('../errors')
+
 // get index
 baseRouter.get('/', response.showIndex)
 // get 403 forbidden
 baseRouter.get('/403', function (req, res) {
-  response.errorForbidden(res)
+  errors.errorForbidden(res)
 })
 // get 404 not found
 baseRouter.get('/404', function (req, res) {
-  response.errorNotFound(res)
+  errors.errorNotFound(res)
 })
 // get 500 internal error
 baseRouter.get('/500', function (req, res) {
-  response.errorInternalError(res)
+  errors.errorInternalError(res)
 })

lib/web/imageRouter/index.js

@@ -5,7 +5,7 @@ const formidable = require('formidable')
 
 const config = require('../../config')
 const logger = require('../../logger')
-const response = require('../../response')
+const errors = require('../../errors')
 
 const imageRouter = module.exports = Router()
 
@@ -22,7 +22,7 @@ imageRouter.post('/uploadimage', function (req, res) {
   form.parse(req, function (err, fields, files) {
     if (err || !files.image || !files.image.path) {
       logger.error(`formidable error: ${err}`)
-      response.errorForbidden(res)
+      errors.errorForbidden(res)
     } else {
       logger.debug(`SERVER received uploadimage: ${JSON.stringify(files.image)}`)
 

lib/web/middleware/checkURIValid.js

@@ -1,14 +1,14 @@
 'use strict'
 
 const logger = require('../../logger')
-const response = require('../../response')
+const errors = require('../../errors')
 
 module.exports = function (req, res, next) {
   try {
     decodeURIComponent(req.path)
   } catch (err) {
     logger.error(err)
-    return response.errorBadRequest(res)
+    return errors.errorBadRequest(res)
   }
   next()
 }

lib/web/middleware/tooBusy.js

@@ -2,14 +2,14 @@
 
 const toobusy = require('toobusy-js')
 
-const response = require('../../response')
+const errors = require('../../errors')
 const config = require('../../config')
 
 toobusy.maxLag(config.tooBusyLag)
 
 module.exports = function (req, res, next) {
   if (toobusy()) {
-    response.errorServiceUnavailable(res)
+    errors.errorServiceUnavailable(res)
   } else {
     next()
   }

lib/web/note/actions.js

@@ -0,0 +1,187 @@
+'use strict'
+
+const models = require('../../models')
+const logger = require('../../logger')
+const config = require('../../config')
+const error = require('../../errors')
+const fs = require('fs')
+const shortId = require('shortid')
+const markdownpdf = require('markdown-pdf')
+const moment = require('moment')
+const querystring = require('querystring')
+const noteUtil = require('./util')
+
+exports.doAction = function (req, res, next) {
+  const noteId = req.params.noteId
+  noteUtil.findNote(req, res, function (note) {
+    const action = req.params.action
+    switch (action) {
+      case 'publish':
+      case 'pretty': // pretty deprecated
+        actionPublish(req, res, note)
+        break
+      case 'slide':
+        actionSlide(req, res, note)
+        break
+      case 'download':
+        exports.actionDownload(req, res, note)
+        break
+      case 'info':
+        actionInfo(req, res, note)
+        break
+      case 'pdf':
+        if (config.allowPDFExport) {
+          actionPDF(req, res, note)
+        } else {
+          logger.error('PDF export failed: Disabled by config. Set "allowPDFExport: true" to enable. Check the documentation for details')
+          error.errorForbidden(res)
+        }
+        break
+      case 'gist':
+        actionGist(req, res, note)
+        break
+      case 'revision':
+        actionRevision(req, res, note)
+        break
+      default:
+        return res.redirect(config.serverURL + '/' + noteId)
+    }
+  })
+}
+
+function actionPublish (req, res, note) {
+  res.redirect(config.serverURL + '/s/' + (note.alias || note.shortid))
+}
+
+function actionSlide (req, res, note) {
+  res.redirect(config.serverURL + '/p/' + (note.alias || note.shortid))
+}
+
+exports.actionDownload = function (req, res, note) {
+  const body = note.content
+  let filename = models.Note.decodeTitle(note.title)
+  filename = encodeURIComponent(filename)
+  res.set({
+    'Access-Control-Allow-Origin': '*', // allow CORS as API
+    'Access-Control-Allow-Headers': 'Range',
+    'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range',
+    'Content-Type': 'text/markdown; charset=UTF-8',
+    'Cache-Control': 'private',
+    'Content-disposition': 'attachment; filename=' + filename + '.md',
+    'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
+  })
+  res.send(body)
+}
+
+function actionInfo (req, res, note) {
+  const body = note.content
+  const extracted = models.Note.extractMeta(body)
+  const markdown = extracted.markdown
+  const meta = models.Note.parseMeta(extracted.meta)
+  const createtime = note.createdAt
+  const updatetime = note.lastchangeAt
+  const title = models.Note.decodeTitle(note.title)
+  const data = {
+    title: meta.title || title,
+    description: meta.description || (markdown ? models.Note.generateDescription(markdown) : null),
+    viewcount: note.viewcount,
+    createtime: createtime,
+    updatetime: updatetime
+  }
+  res.set({
+    'Access-Control-Allow-Origin': '*', // allow CORS as API
+    'Access-Control-Allow-Headers': 'Range',
+    'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range',
+    'Cache-Control': 'private', // only cache by client
+    'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
+  })
+  res.send(data)
+}
+
+function actionPDF (req, res, note) {
+  const url = config.serverURL || 'http://' + req.get('host')
+  const body = note.content
+  const extracted = models.Note.extractMeta(body)
+  let content = extracted.markdown
+  const title = models.Note.decodeTitle(note.title)
+
+  if (!fs.existsSync(config.tmpPath)) {
+    fs.mkdirSync(config.tmpPath)
+  }
+  const path = config.tmpPath + '/' + Date.now() + '.pdf'
+  content = content.replace(/\]\(\//g, '](' + url + '/')
+  markdownpdf().from.string(content).to(path, function () {
+    if (!fs.existsSync(path)) {
+      logger.error('PDF seems to not be generated as expected. File doesn\'t exist: ' + path)
+      return error.errorInternalError(res)
+    }
+    const stream = fs.createReadStream(path)
+    let filename = title
+    // Be careful of special characters
+    filename = encodeURIComponent(filename)
+    // Ideally this should strip them
+    res.setHeader('Content-disposition', 'attachment; filename="' + filename + '.pdf"')
+    res.setHeader('Cache-Control', 'private')
+    res.setHeader('Content-Type', 'application/pdf; charset=UTF-8')
+    res.setHeader('X-Robots-Tag', 'noindex, nofollow') // prevent crawling
+    stream.pipe(res)
+    fs.unlinkSync(path)
+  })
+}
+
+function actionGist (req, res, note) {
+  const data = {
+    client_id: config.github.clientID,
+    redirect_uri: config.serverURL + '/auth/github/callback/' + models.Note.encodeNoteId(note.id) + '/gist',
+    scope: 'gist',
+    state: shortId.generate()
+  }
+  const query = querystring.stringify(data)
+  res.redirect('https://github.com/login/oauth/authorize?' + query)
+}
+
+function actionRevision (req, res, note) {
+  const actionId = req.params.actionId
+  if (actionId) {
+    const time = moment(parseInt(actionId))
+    if (time.isValid()) {
+      models.Revision.getPatchedNoteRevisionByTime(note, time, function (err, content) {
+        if (err) {
+          logger.error(err)
+          return error.errorInternalError(res)
+        }
+        if (!content) {
+          return error.errorNotFound(res)
+        }
+        res.set({
+          'Access-Control-Allow-Origin': '*', // allow CORS as API
+          'Access-Control-Allow-Headers': 'Range',
+          'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range',
+          'Cache-Control': 'private', // only cache by client
+          'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
+        })
+        res.send(content)
+      })
+    } else {
+      return error.errorNotFound(res)
+    }
+  } else {
+    models.Revision.getNoteRevisions(note, function (err, data) {
+      if (err) {
+        logger.error(err)
+        return error.errorInternalError(res)
+      }
+      const out = {
+        revision: data
+      }
+      res.set({
+        'Access-Control-Allow-Origin': '*', // allow CORS as API
+        'Access-Control-Allow-Headers': 'Range',
+        'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range',
+        'Cache-Control': 'private', // only cache by client
+        'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
+      })
+      res.send(out)
+    })
+  }
+}

lib/web/note/router.js

@@ -0,0 +1,32 @@
+'use strict'
+
+const Router = require('express').Router
+
+const response = require('../../response')
+
+const { markdownParser } = require('../utils')
+
+const router = module.exports = Router()
+
+const noteActions = require('./actions')
+
+// get new note
+router.get('/new', response.postNote)
+// post new note with content
+router.post('/new', markdownParser, response.postNote)
+// post new note with content and alias
+router.post('/new/:noteId', markdownParser, response.postNote)
+// get publish note
+router.get('/s/:shortid', response.showPublishNote)
+// publish note actions
+router.get('/s/:shortid/:action', response.publishNoteActions)
+// get publish slide
+router.get('/p/:shortid', response.showPublishSlide)
+// publish slide actions
+router.get('/p/:shortid/:action', response.publishSlideActions)
+// get note by id
+router.get('/:noteId', response.showNote)
+// note actions
+router.get('/:noteId/:action', noteActions.doAction)
+// note actions with action id
+router.get('/:noteId/:action/:actionId', noteActions.doAction)

lib/web/note/util.js

@@ -0,0 +1,67 @@
+const models = require('../../models')
+const logger = require('../../logger')
+const config = require('../../config')
+const errors = require('../../errors')
+
+exports.findNote = function (req, res, callback, include) {
+  const id = req.params.noteId || req.params.shortid
+  models.Note.parseNoteId(id, function (err, _id) {
+    if (err) {
+      logger.error(err)
+      return errors.errorInternalError(res)
+    }
+    models.Note.findOne({
+      where: {
+        id: _id
+      },
+      include: include || null
+    }).then(function (note) {
+      if (!note) {
+        return exports.newNote(req, res, null)
+      }
+      if (!exports.checkViewPermission(req, note)) {
+        return errors.errorForbidden(res)
+      } else {
+        return callback(note)
+      }
+    }).catch(function (err) {
+      logger.error(err)
+      return errors.errorInternalError(res)
+    })
+  })
+}
+
+exports.checkViewPermission = function (req, note) {
+  if (note.permission === 'private') {
+    return !(!req.isAuthenticated() || note.ownerId !== req.user.id)
+  } else if (note.permission === 'limited' || note.permission === 'protected') {
+    return req.isAuthenticated()
+  } else {
+    return true
+  }
+}
+
+exports.newNote = function (req, res, body) {
+  let owner = null
+  const noteId = req.params.noteId ? req.params.noteId : null
+  if (req.isAuthenticated()) {
+    owner = req.user.id
+  } else if (!config.allowAnonymous) {
+    return errors.errorForbidden(res)
+  }
+  if (config.allowFreeURL && noteId && !config.forbiddenNoteIDs.includes(noteId)) {
+    req.alias = noteId
+  } else if (noteId) {
+    return req.method === 'POST' ? errors.errorForbidden(res) : errors.errorNotFound(res)
+  }
+  models.Note.create({
+    ownerId: owner,
+    alias: req.alias ? req.alias : null,
+    content: body
+  }).then(function (note) {
+    return res.redirect(config.serverURL + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)))
+  }).catch(function (err) {
+    logger.error(err)
+    return errors.errorInternalError(res)
+  })
+}

lib/web/noteRouter.js

@@ -1,30 +0,0 @@
-'use strict'
-
-const Router = require('express').Router
-
-const response = require('../response')
-
-const { markdownParser } = require('./utils')
-
-const noteRouter = module.exports = Router()
-
-// get new note
-noteRouter.get('/new', response.postNote)
-// post new note with content
-noteRouter.post('/new', markdownParser, response.postNote)
-// post new note with content and alias
-noteRouter.post('/new/:noteId', markdownParser, response.postNote)
-// get publish note
-noteRouter.get('/s/:shortid', response.showPublishNote)
-// publish note actions
-noteRouter.get('/s/:shortid/:action', response.publishNoteActions)
-// get publish slide
-noteRouter.get('/p/:shortid', response.showPublishSlide)
-// publish slide actions
-noteRouter.get('/p/:shortid/:action', response.publishSlideActions)
-// get note by id
-noteRouter.get('/:noteId', response.showNote)
-// note actions
-noteRouter.get('/:noteId/:action', response.noteActions)
-// note actions with action id
-noteRouter.get('/:noteId/:action/:actionId', response.noteActions)

lib/web/statusRouter.js

@@ -2,7 +2,7 @@
 
 const Router = require('express').Router
 
-const response = require('../response')
+const errors = require('../errors')
 const realtime = require('../realtime')
 const config = require('../config')
 const models = require('../models')
@@ -27,11 +27,11 @@ statusRouter.get('/status', function (req, res, next) {
 statusRouter.get('/temp', function (req, res) {
   var host = req.get('host')
   if (config.allowOrigin.indexOf(host) === -1) {
-    response.errorForbidden(res)
+    errors.errorForbidden(res)
   } else {
     var tempid = req.query.tempid
     if (!tempid) {
-      response.errorForbidden(res)
+      errors.errorForbidden(res)
     } else {
       models.Temp.findOne({
         where: {
@@ -39,7 +39,7 @@ statusRouter.get('/temp', function (req, res) {
         }
       }).then(function (temp) {
         if (!temp) {
-          response.errorNotFound(res)
+          errors.errorNotFound(res)
         } else {
           res.header('Access-Control-Allow-Origin', '*')
           res.send({
@@ -53,7 +53,7 @@ statusRouter.get('/temp', function (req, res) {
         }
       }).catch(function (err) {
         logger.error(err)
-        return response.errorInternalError(res)
+        return errors.errorInternalError(res)
       })
     }
   }
@@ -62,11 +62,11 @@ statusRouter.get('/temp', function (req, res) {
 statusRouter.post('/temp', urlencodedParser, function (req, res) {
   var host = req.get('host')
   if (config.allowOrigin.indexOf(host) === -1) {
-    response.errorForbidden(res)
+    errors.errorForbidden(res)
   } else {
     var data = req.body.data
     if (!data) {
-      response.errorForbidden(res)
+      errors.errorForbidden(res)
     } else {
       logger.debug(`SERVER received temp from [${host}]: ${req.body.data}`)
       models.Temp.create({
@@ -79,11 +79,11 @@ statusRouter.post('/temp', urlencodedParser, function (req, res) {
             id: temp.id
           })
         } else {
-          response.errorInternalError(res)
+          errors.errorInternalError(res)
         }
       }).catch(function (err) {
         logger.error(err)
-        return response.errorInternalError(res)
+        return errors.errorInternalError(res)
       })
     }
   }

lib/web/userRouter.js

@@ -4,7 +4,7 @@ const archiver = require('archiver')
 const async = require('async')
 const Router = require('express').Router
 
-const response = require('../response')
+const errors = require('../errors')
 const config = require('../config')
 const models = require('../models')
 const logger = require('../logger')
@@ -20,7 +20,7 @@ UserRouter.get('/me', function (req, res) {
         id: req.user.id
       }
     }).then(function (user) {
-      if (!user) { return response.errorNotFound(res) }
+      if (!user) { return errors.errorNotFound(res) }
       var profile = models.User.getProfile(user)
       res.send({
         status: 'ok',
@@ -30,7 +30,7 @@ UserRouter.get('/me', function (req, res) {
       })
     }).catch(function (err) {
       logger.error('read me failed: ' + err)
-      return response.errorInternalError(res)
+      return errors.errorInternalError(res)
     })
   } else {
     res.send({
@@ -48,21 +48,21 @@ UserRouter.get('/me/delete/:token?', function (req, res) {
       }
     }).then(function (user) {
       if (!user) {
-        return response.errorNotFound(res)
+        return errors.errorNotFound(res)
       }
       if (user.deleteToken === req.params.token) {
         user.destroy().then(function () {
           res.redirect(config.serverURL + '/')
         })
       } else {
-        return response.errorForbidden(res)
+        return errors.errorForbidden(res)
       }
     }).catch(function (err) {
       logger.error('delete user failed: ' + err)
-      return response.errorInternalError(res)
+      return errors.errorInternalError(res)
     })
   } else {
-    return response.errorForbidden(res)
+    return errors.errorForbidden(res)
   }
 })
 
@@ -78,7 +78,7 @@ UserRouter.get('/me/export', function (req, res) {
     archive.pipe(res)
     archive.on('error', function (err) {
       logger.error('export user data failed: ' + err)
-      return response.errorInternalError(res)
+      return errors.errorInternalError(res)
     })
     models.User.findOne({
       where: {
@@ -107,7 +107,7 @@ UserRouter.get('/me/export', function (req, res) {
           callback(null, null)
         }, function (err) {
           if (err) {
-            return response.errorInternalError(res)
+            return errors.errorInternalError(res)
           }
 
           archive.finalize()
@@ -115,10 +115,10 @@ UserRouter.get('/me/export', function (req, res) {
       })
     }).catch(function (err) {
       logger.error('export user data failed: ' + err)
-      return response.errorInternalError(res)
+      return errors.errorInternalError(res)
     })
   } else {
-    return response.errorForbidden(res)
+    return errors.errorForbidden(res)
   }
 })