diff options
| author | Max Wu | 2018-02-26 16:43:29 +0800 |
|---|---|---|
| committer | Max Wu | 2018-02-26 16:43:29 +0800 |
| commit | baa0418fb54fb8f158267f8e8b5f248232dc0a8f (patch) | |
| tree | 61d8b9b25a592c59e4a5cc6026e0f0280ef11367 | |
| parent | 912cce2b40689310333d6388fd82ff354051a7ac (diff) | |
Remove and replace all note id compression in LZString with base64url
Signed-off-by: Max Wu <jackymaxj@gmail.com>
Diffstat (limited to '')
| -rw-r--r-- | lib/models/note.js | 27 | ||||
| -rw-r--r-- | lib/realtime.js | 3 | ||||
| -rw-r--r-- | lib/response.js | 11 | ||||
| -rw-r--r-- | package.json | 1 |
4 files changed, 34 insertions, 8 deletions
diff --git a/lib/models/note.js b/lib/models/note.js index 484f1a8c..e199a3db 100644 --- a/lib/models/note.js +++ b/lib/models/note.js @@ -3,6 +3,7 @@ var fs = require('fs') var path = require('path') var LZString = require('lz-string') +var base64url = require('base64url') var md = require('markdown-it')() var metaMarked = require('meta-marked') var cheerio = require('cheerio') @@ -114,6 +115,22 @@ module.exports = function (sequelize, DataTypes) { return false } }, + encodeNoteId: function (id) { + // remove dashes in UUID and encode in url-safe base64 + return base64url.encode(id.replace(/-/g, '')) + }, + decodeNoteId: function (encodedId) { + // decode from url-safe base64 + let id = base64url.decode(encodedId) + // add dashes between the UUID string parts + let idParts = [] + idParts.push(id.substr(0, 8)) + idParts.push(id.substr(8, 4)) + idParts.push(id.substr(12, 4)) + idParts.push(id.substr(16, 4)) + idParts.push(id.substr(20, 12)) + return idParts.join('-') + }, checkNoteIdValid: function (id) { var uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i var result = id.match(uuidRegex) @@ -190,6 +207,16 @@ module.exports = function (sequelize, DataTypes) { return _callback(err, null) }) }, + parseNoteIdByBase64Url: function (_callback) { + // try to parse note id by base64url + try { + var id = Note.decodeNoteId(noteId) + if (id && Note.checkNoteIdValid(id)) { return callback(null, id) } else { return _callback(null, null) } + } catch (err) { + return _callback(err, null) + } + }, + // parse note id by LZString is deprecated, here for compability parseNoteIdByLZString: function (_callback) { // try to parse note id by LZString Base64 try { diff --git a/lib/realtime.js b/lib/realtime.js index d6ba62b2..5ee9f8fd 100644 --- a/lib/realtime.js +++ b/lib/realtime.js @@ -5,7 +5,6 @@ var cookie = require('cookie') var cookieParser = require('cookie-parser') var url = require('url') var async = require('async') -var LZString = require('lz-string') var randomcolor = require('randomcolor') var Chance = require('chance') var chance = new Chance() @@ -703,7 +702,7 @@ function operationCallback (socket, operation) { } function updateHistory (userId, note, time) { - var noteId = note.alias ? note.alias : LZString.compressToBase64(note.id) + var noteId = note.alias ? note.alias : models.Note.encodeNoteId(note.id) if (note.server) history.updateHistory(userId, noteId, note.server.document, time) } diff --git a/lib/response.js b/lib/response.js index 41e8c336..25b9fafc 100644 --- a/lib/response.js +++ b/lib/response.js @@ -3,7 +3,6 @@ // external modules var fs = require('fs') var markdownpdf = require('markdown-pdf') -var LZString = require('lz-string') var shortId = require('shortid') var querystring = require('querystring') var request = require('request') @@ -124,7 +123,7 @@ function newNote (req, res, next) { alias: req.alias ? req.alias : null, content: req.body ? req.body : '' }).then(function (note) { - return res.redirect(config.serverurl + '/' + LZString.compressToBase64(note.id)) + return res.redirect(config.serverurl + '/' + models.Note.encodeNoteId(note.id)) }).catch(function (err) { logger.error(err) return response.errorInternalError(res) @@ -179,7 +178,7 @@ function showNote (req, res, next) { findNote(req, res, function (note) { // force to use note id var noteId = req.params.noteId - var id = LZString.compressToBase64(note.id) + var id = models.Note.encodeNoteId(note.id) if ((note.alias && noteId !== note.alias) || (!note.alias && noteId !== id)) { return res.redirect(config.serverurl + '/' + (note.alias || id)) } return responseHackMD(res, note) }) @@ -321,7 +320,7 @@ function actionPDF (req, res, note) { function actionGist (req, res, note) { var data = { client_id: config.github.clientID, - redirect_uri: config.serverurl + '/auth/github/callback/' + LZString.compressToBase64(note.id) + '/gist', + redirect_uri: config.serverurl + '/auth/github/callback/' + models.Note.encodeNoteId(note.id) + '/gist', scope: 'gist', state: shortId.generate() } @@ -418,7 +417,7 @@ function publishNoteActions (req, res, next) { var action = req.params.action switch (action) { case 'edit': - res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id))) + res.redirect(config.serverurl + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id))) break default: res.redirect(config.serverurl + '/s/' + note.shortid) @@ -432,7 +431,7 @@ function publishSlideActions (req, res, next) { var action = req.params.action switch (action) { case 'edit': - res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id))) + res.redirect(config.serverurl + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id))) break default: res.redirect(config.serverurl + '/p/' + note.shortid) diff --git a/package.json b/package.json index ba8b05d7..beb01122 100644 --- a/package.json +++ b/package.json @@ -18,6 +18,7 @@ "Idle.Js": "git+https://github.com/shawnmclean/Idle.js", "async": "^2.1.4", "aws-sdk": "^2.7.20", + "base64url": "^2.0.0", "blueimp-md5": "^2.6.0", "body-parser": "^1.15.2", "bootstrap": "^3.3.7", |