summaryrefslogtreecommitdiff
path: root/lib/web
diff options
context:
space:
mode:
authorDavid Mehren2021-02-16 20:15:15 +0100
committerGitHub2021-02-16 20:15:15 +0100
commit59819be34c2428450528362a5bbb74b6424d15d2 (patch)
treead80595f5dd94a7ac63bc1481943ae7b356ddb17 /lib/web
parent6b8fa94402539168a5bd574ddcc17eeae4910bd0 (diff)
parent136d895d155f28c2e75b3af206549acaa2a354ed (diff)
Merge pull request #872 from hedgedoc/renovate/master-major-linters
Diffstat (limited to 'lib/web')
-rw-r--r--lib/web/auth/dropbox/index.js2
-rw-r--r--lib/web/auth/email/index.js2
-rw-r--r--lib/web/auth/facebook/index.js2
-rw-r--r--lib/web/auth/github/index.js2
-rw-r--r--lib/web/auth/gitlab/index.js2
-rw-r--r--lib/web/auth/google/index.js4
-rw-r--r--lib/web/auth/ldap/index.js12
-rw-r--r--lib/web/auth/mattermost/index.js4
-rw-r--r--lib/web/auth/oauth2/index.js10
-rw-r--r--lib/web/auth/openid/index.js6
-rw-r--r--lib/web/auth/saml/index.js28
-rw-r--r--lib/web/auth/twitter/index.js2
-rw-r--r--lib/web/auth/utils.js4
-rw-r--r--lib/web/imageRouter/azure.js2
-rw-r--r--lib/web/imageRouter/index.js40
-rw-r--r--lib/web/imageRouter/minio.js8
-rw-r--r--lib/web/imageRouter/s3.js2
-rw-r--r--lib/web/statusRouter.js10
-rw-r--r--lib/web/userRouter.js10
19 files changed, 86 insertions, 66 deletions
diff --git a/lib/web/auth/dropbox/index.js b/lib/web/auth/dropbox/index.js
index aef011cb..c35f04e3 100644
--- a/lib/web/auth/dropbox/index.js
+++ b/lib/web/auth/dropbox/index.js
@@ -6,7 +6,7 @@ const DropboxStrategy = require('passport-dropbox-oauth2').Strategy
const config = require('../../../config')
const { passportGeneralCallback } = require('../utils')
-let dropboxAuth = module.exports = Router()
+const dropboxAuth = module.exports = Router()
passport.use(new DropboxStrategy({
apiVersion: '2',
diff --git a/lib/web/auth/email/index.js b/lib/web/auth/email/index.js
index 78ca933b..74922966 100644
--- a/lib/web/auth/email/index.js
+++ b/lib/web/auth/email/index.js
@@ -10,7 +10,7 @@ const logger = require('../../../logger')
const { urlencodedParser } = require('../../utils')
const errors = require('../../../errors')
-let emailAuth = module.exports = Router()
+const emailAuth = module.exports = Router()
passport.use(new LocalStrategy({
usernameField: 'email'
diff --git a/lib/web/auth/facebook/index.js b/lib/web/auth/facebook/index.js
index 0ba948bb..acf566eb 100644
--- a/lib/web/auth/facebook/index.js
+++ b/lib/web/auth/facebook/index.js
@@ -7,7 +7,7 @@ const FacebookStrategy = require('passport-facebook').Strategy
const config = require('../../../config')
const { passportGeneralCallback } = require('../utils')
-let facebookAuth = module.exports = Router()
+const facebookAuth = module.exports = Router()
passport.use(new FacebookStrategy({
clientID: config.facebook.clientID,
diff --git a/lib/web/auth/github/index.js b/lib/web/auth/github/index.js
index 3a3a84c6..c7f7e5d1 100644
--- a/lib/web/auth/github/index.js
+++ b/lib/web/auth/github/index.js
@@ -7,7 +7,7 @@ const config = require('../../../config')
const response = require('../../../response')
const { passportGeneralCallback } = require('../utils')
-let githubAuth = module.exports = Router()
+const githubAuth = module.exports = Router()
passport.use(new GithubStrategy({
clientID: config.github.clientID,
diff --git a/lib/web/auth/gitlab/index.js b/lib/web/auth/gitlab/index.js
index 1b628e81..11579bd1 100644
--- a/lib/web/auth/gitlab/index.js
+++ b/lib/web/auth/gitlab/index.js
@@ -7,7 +7,7 @@ const config = require('../../../config')
const response = require('../../../response')
const { passportGeneralCallback } = require('../utils')
-let gitlabAuth = module.exports = Router()
+const gitlabAuth = module.exports = Router()
passport.use(new GitlabStrategy({
baseURL: config.gitlab.baseURL,
diff --git a/lib/web/auth/google/index.js b/lib/web/auth/google/index.js
index 6edf07a9..0262dedf 100644
--- a/lib/web/auth/google/index.js
+++ b/lib/web/auth/google/index.js
@@ -2,11 +2,11 @@
const Router = require('express').Router
const passport = require('passport')
-var GoogleStrategy = require('passport-google-oauth20').Strategy
+const GoogleStrategy = require('passport-google-oauth20').Strategy
const config = require('../../../config')
const { passportGeneralCallback } = require('../utils')
-let googleAuth = module.exports = Router()
+const googleAuth = module.exports = Router()
passport.use(new GoogleStrategy({
clientID: config.google.clientID,
diff --git a/lib/web/auth/ldap/index.js b/lib/web/auth/ldap/index.js
index b501106d..4142194f 100644
--- a/lib/web/auth/ldap/index.js
+++ b/lib/web/auth/ldap/index.js
@@ -9,7 +9,7 @@ const logger = require('../../../logger')
const { urlencodedParser } = require('../../utils')
const errors = require('../../../errors')
-let ldapAuth = module.exports = Router()
+const ldapAuth = module.exports = Router()
passport.use(new LDAPStrategy({
server: {
@@ -22,7 +22,7 @@ passport.use(new LDAPStrategy({
tlsOptions: config.ldap.tlsOptions || null
}
}, function (user, done) {
- var uuid = user.uidNumber || user.uid || user.sAMAccountName || undefined
+ let uuid = user.uidNumber || user.uid || user.sAMAccountName || undefined
if (config.ldap.useridField && user[config.ldap.useridField]) {
uuid = user[config.ldap.useridField]
}
@@ -34,12 +34,12 @@ passport.use(new LDAPStrategy({
'"useridField" option in ldap settings.')
}
- var username = uuid
+ let username = uuid
if (config.ldap.usernameField && user[config.ldap.usernameField]) {
username = user[config.ldap.usernameField]
}
- var profile = {
+ const profile = {
id: 'LDAP-' + uuid,
username: username,
displayName: user.displayName,
@@ -48,7 +48,7 @@ passport.use(new LDAPStrategy({
profileUrl: null,
provider: 'ldap'
}
- var stringifiedProfile = JSON.stringify(profile)
+ const stringifiedProfile = JSON.stringify(profile)
models.User.findOrCreate({
where: {
profileid: profile.id.toString()
@@ -58,7 +58,7 @@ passport.use(new LDAPStrategy({
}
}).spread(function (user, created) {
if (user) {
- var needSave = false
+ let needSave = false
if (user.profile !== stringifiedProfile) {
user.profile = stringifiedProfile
needSave = true
diff --git a/lib/web/auth/mattermost/index.js b/lib/web/auth/mattermost/index.js
index 78eca2af..2f15c812 100644
--- a/lib/web/auth/mattermost/index.js
+++ b/lib/web/auth/mattermost/index.js
@@ -9,9 +9,9 @@ const { passportGeneralCallback } = require('../utils')
const mattermost = new Mattermost.Client()
-let mattermostAuth = module.exports = Router()
+const mattermostAuth = module.exports = Router()
-let mattermostStrategy = new OAuthStrategy({
+const mattermostStrategy = new OAuthStrategy({
authorizationURL: config.mattermost.baseURL + '/oauth/authorize',
tokenURL: config.mattermost.baseURL + '/oauth/access_token',
clientID: config.mattermost.clientID,
diff --git a/lib/web/auth/oauth2/index.js b/lib/web/auth/oauth2/index.js
index 9cb17f26..e9032e0b 100644
--- a/lib/web/auth/oauth2/index.js
+++ b/lib/web/auth/oauth2/index.js
@@ -7,7 +7,7 @@ const config = require('../../../config')
const logger = require('../../../logger')
const { passportGeneralCallback } = require('../utils')
-let oauth2Auth = module.exports = Router()
+const oauth2Auth = module.exports = Router()
class OAuth2CustomStrategy extends Strategy {
constructor (options, verify) {
@@ -20,7 +20,7 @@ class OAuth2CustomStrategy extends Strategy {
userProfile (accessToken, done) {
this._oauth2.get(this._userProfileURL, accessToken, function (err, body, res) {
- var json
+ let json
if (err) {
return done(new InternalOAuthError('Failed to fetch user profile', err))
@@ -33,7 +33,7 @@ class OAuth2CustomStrategy extends Strategy {
}
checkAuthorization(json, done)
- let profile = parseProfile(json)
+ const profile = parseProfile(json)
profile.provider = 'oauth2'
done(null, profile)
@@ -91,7 +91,7 @@ function checkAuthorization (data, done) {
OAuth2CustomStrategy.prototype.userProfile = function (accessToken, done) {
this._oauth2.get(this._userProfileURL, accessToken, function (err, body, res) {
- var json
+ let json
if (err) {
return done(new InternalOAuthError('Failed to fetch user profile', err))
@@ -104,7 +104,7 @@ OAuth2CustomStrategy.prototype.userProfile = function (accessToken, done) {
}
checkAuthorization(json, done)
- let profile = parseProfile(json)
+ const profile = parseProfile(json)
profile.provider = 'oauth2'
done(null, profile)
diff --git a/lib/web/auth/openid/index.js b/lib/web/auth/openid/index.js
index 28e164f5..84d0970c 100644
--- a/lib/web/auth/openid/index.js
+++ b/lib/web/auth/openid/index.js
@@ -8,14 +8,14 @@ const models = require('../../../models')
const logger = require('../../../logger')
const { urlencodedParser } = require('../../utils')
-let openIDAuth = module.exports = Router()
+const openIDAuth = module.exports = Router()
passport.use(new OpenIDStrategy({
returnURL: config.serverURL + '/auth/openid/callback',
realm: config.serverURL,
profile: true
}, function (openid, profile, done) {
- var stringifiedProfile = JSON.stringify(profile)
+ const stringifiedProfile = JSON.stringify(profile)
models.User.findOrCreate({
where: {
profileid: openid
@@ -25,7 +25,7 @@ passport.use(new OpenIDStrategy({
}
}).spread(function (user, created) {
if (user) {
- var needSave = false
+ let needSave = false
if (user.profile !== stringifiedProfile) {
user.profile = stringifiedProfile
needSave = true
diff --git a/lib/web/auth/saml/index.js b/lib/web/auth/saml/index.js
index c48b93e2..deb04007 100644
--- a/lib/web/auth/saml/index.js
+++ b/lib/web/auth/saml/index.js
@@ -10,19 +10,21 @@ const { urlencodedParser } = require('../../utils')
const fs = require('fs')
const intersection = function (array1, array2) { return array1.filter((n) => array2.includes(n)) }
-let samlAuth = module.exports = Router()
+const samlAuth = module.exports = Router()
passport.use(new SamlStrategy({
callbackUrl: config.serverURL + '/auth/saml/callback',
entryPoint: config.saml.idpSsoUrl,
issuer: config.saml.issuer || config.serverURL,
- privateCert: config.saml.clientCert === undefined ? undefined : (function () {
- try {
- return fs.readFileSync(config.saml.clientCert, 'utf-8')
- } catch (e) {
- logger.error(`SAML client certificate: ${e.message}`)
- }
- }()),
+ privateCert: config.saml.clientCert === undefined
+ ? undefined
+ : (function () {
+ try {
+ return fs.readFileSync(config.saml.clientCert, 'utf-8')
+ } catch (e) {
+ logger.error(`SAML client certificate: ${e.message}`)
+ }
+ }()),
cert: (function () {
try {
return fs.readFileSync(config.saml.idpCert, 'utf-8')
@@ -36,7 +38,7 @@ passport.use(new SamlStrategy({
}, function (user, done) {
// check authorization if needed
if (config.saml.externalGroups && config.saml.groupAttribute) {
- var externalGroups = intersection(config.saml.externalGroups, user[config.saml.groupAttribute])
+ const externalGroups = intersection(config.saml.externalGroups, user[config.saml.groupAttribute])
if (externalGroups.length > 0) {
logger.error('saml permission denied: ' + externalGroups.join(', '))
return done('Permission denied', null)
@@ -49,8 +51,8 @@ passport.use(new SamlStrategy({
}
}
// user creation
- var uuid = user[config.saml.attribute.id] || user.nameID
- var profile = {
+ const uuid = user[config.saml.attribute.id] || user.nameID
+ const profile = {
provider: 'saml',
id: 'SAML-' + uuid,
username: user[config.saml.attribute.username] || user.nameID,
@@ -59,7 +61,7 @@ passport.use(new SamlStrategy({
if (profile.emails.length === 0 && config.saml.identifierFormat === 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress') {
profile.emails.push(user.nameID)
}
- var stringifiedProfile = JSON.stringify(profile)
+ const stringifiedProfile = JSON.stringify(profile)
models.User.findOrCreate({
where: {
profileid: profile.id.toString()
@@ -69,7 +71,7 @@ passport.use(new SamlStrategy({
}
}).spread(function (user, created) {
if (user) {
- var needSave = false
+ let needSave = false
if (user.profile !== stringifiedProfile) {
user.profile = stringifiedProfile
needSave = true
diff --git a/lib/web/auth/twitter/index.js b/lib/web/auth/twitter/index.js
index 56389f84..76744e09 100644
--- a/lib/web/auth/twitter/index.js
+++ b/lib/web/auth/twitter/index.js
@@ -7,7 +7,7 @@ const TwitterStrategy = require('passport-twitter').Strategy
const config = require('../../../config')
const { passportGeneralCallback } = require('../utils')
-let twitterAuth = module.exports = Router()
+const twitterAuth = module.exports = Router()
passport.use(new TwitterStrategy({
consumerKey: config.twitter.consumerKey,
diff --git a/lib/web/auth/utils.js b/lib/web/auth/utils.js
index fb69f08c..bb69f15f 100644
--- a/lib/web/auth/utils.js
+++ b/lib/web/auth/utils.js
@@ -4,7 +4,7 @@ const models = require('../../models')
const logger = require('../../logger')
exports.passportGeneralCallback = function callback (accessToken, refreshToken, profile, done) {
- var stringifiedProfile = JSON.stringify(profile)
+ const stringifiedProfile = JSON.stringify(profile)
models.User.findOrCreate({
where: {
profileid: profile.id.toString()
@@ -16,7 +16,7 @@ exports.passportGeneralCallback = function callback (accessToken, refreshToken,
}
}).spread(function (user, created) {
if (user) {
- var needSave = false
+ let needSave = false
if (user.profile !== stringifiedProfile) {
user.profile = stringifiedProfile
needSave = true
diff --git a/lib/web/imageRouter/azure.js b/lib/web/imageRouter/azure.js
index 22ee5585..c56ac860 100644
--- a/lib/web/imageRouter/azure.js
+++ b/lib/web/imageRouter/azure.js
@@ -17,7 +17,7 @@ exports.uploadImage = function (imagePath, callback) {
return
}
- var azureBlobService = azure.createBlobService(config.azure.connectionString)
+ const azureBlobService = azure.createBlobService(config.azure.connectionString)
azureBlobService.createContainerIfNotExists(config.azure.container, { publicAccessLevel: 'blob' }, function (err, result, response) {
if (err) {
diff --git a/lib/web/imageRouter/index.js b/lib/web/imageRouter/index.js
index afa9bbf6..0a72c65c 100644
--- a/lib/web/imageRouter/index.js
+++ b/lib/web/imageRouter/index.js
@@ -12,20 +12,28 @@ const config = require('../../config')
const logger = require('../../logger')
const errors = require('../../errors')
-const imageRouter = module.exports = Router()
+const imageRouter = (module.exports = Router())
async function checkUploadType (filePath) {
const typeFromMagic = await FileType.fromFile(filePath)
if (typeFromMagic === undefined) {
- logger.error(`Image upload error: Could not determine MIME-type`)
+ logger.error('Image upload error: Could not determine MIME-type')
return false
}
if (path.extname(filePath) !== '.' + typeFromMagic.ext) {
- logger.error(`Image upload error: Provided file extension does not match MIME-type`)
+ logger.error(
+ 'Image upload error: Provided file extension does not match MIME-type'
+ )
return false
}
if (!config.allowedUploadMimeTypes.includes(typeFromMagic.mime)) {
- logger.error(`Image upload error: MIME-type "${typeFromMagic.mime}" of uploaded file not allowed, only "${config.allowedUploadMimeTypes.join(', ')}" are allowed`)
+ logger.error(
+ `Image upload error: MIME-type "${
+ typeFromMagic.mime
+ }" of uploaded file not allowed, only "${config.allowedUploadMimeTypes.join(
+ ', '
+ )}" are allowed`
+ )
return false
}
return true
@@ -33,12 +41,18 @@ async function checkUploadType (filePath) {
// upload image
imageRouter.post('/uploadimage', function (req, res) {
- if (!req.isAuthenticated() && !config.allowAnonymous && !config.allowAnonymousEdits) {
- logger.error(`Image upload error: Anonymous edits and therefore uploads are not allowed)`)
+ if (
+ !req.isAuthenticated() &&
+ !config.allowAnonymous &&
+ !config.allowAnonymousEdits
+ ) {
+ logger.error(
+ 'Image upload error: Anonymous edits and therefore uploads are not allowed'
+ )
return errors.errorForbidden(res)
}
- var form = new formidable.IncomingForm()
+ const form = new formidable.IncomingForm()
form.keepExtensions = true
const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'hedgedoc-'))
form.uploadDir = tmpDir
@@ -49,17 +63,21 @@ imageRouter.post('/uploadimage', function (req, res) {
rimraf(tmpDir)
return errors.errorForbidden(res)
} else if (!files.image || !files.image.path) {
- logger.error(`Image upload error: Upload didn't contain file)`)
+ logger.error("Image upload error: Upload didn't contain file)")
rimraf.sync(tmpDir)
return errors.errorBadRequest(res)
- } else if (!await checkUploadType(files.image.path)) {
+ } else if (!(await checkUploadType(files.image.path))) {
rimraf.sync(tmpDir)
return errors.errorBadRequest(res)
} else {
- logger.debug(`SERVER received uploadimage: ${JSON.stringify(files.image)}`)
+ logger.debug(
+ `SERVER received uploadimage: ${JSON.stringify(files.image)}`
+ )
const uploadProvider = require('./' + config.imageUploadType)
- logger.debug(`imageRouter: Uploading ${files.image.path} using ${config.imageUploadType}`)
+ logger.debug(
+ `imageRouter: Uploading ${files.image.path} using ${config.imageUploadType}`
+ )
uploadProvider.uploadImage(files.image.path, function (err, url) {
rimraf.sync(tmpDir)
if (err !== null) {
diff --git a/lib/web/imageRouter/minio.js b/lib/web/imageRouter/minio.js
index 91de5ff1..3ced94e2 100644
--- a/lib/web/imageRouter/minio.js
+++ b/lib/web/imageRouter/minio.js
@@ -32,16 +32,16 @@ exports.uploadImage = function (imagePath, callback) {
return
}
- let key = path.join('uploads', path.basename(imagePath))
- let protocol = config.minio.secure ? 'https' : 'http'
+ const key = path.join('uploads', path.basename(imagePath))
+ const protocol = config.minio.secure ? 'https' : 'http'
minioClient.putObject(config.s3bucket, key, buffer, buffer.size, getImageMimeType(imagePath), function (err, data) {
if (err) {
callback(new Error(err), null)
return
}
- let hidePort = [80, 443].includes(config.minio.port)
- let urlPort = hidePort ? '' : `:${config.minio.port}`
+ const hidePort = [80, 443].includes(config.minio.port)
+ const urlPort = hidePort ? '' : `:${config.minio.port}`
callback(null, `${protocol}://${config.minio.endPoint}${urlPort}/${config.s3bucket}/${key}`)
})
})
diff --git a/lib/web/imageRouter/s3.js b/lib/web/imageRouter/s3.js
index 2bf08cc7..5bb8e160 100644
--- a/lib/web/imageRouter/s3.js
+++ b/lib/web/imageRouter/s3.js
@@ -26,7 +26,7 @@ exports.uploadImage = function (imagePath, callback) {
callback(new Error(err), null)
return
}
- let params = {
+ const params = {
Bucket: config.s3bucket,
Key: path.join('uploads', path.basename(imagePath)),
Body: buffer
diff --git a/lib/web/statusRouter.js b/lib/web/statusRouter.js
index febe2df3..d939a3fe 100644
--- a/lib/web/statusRouter.js
+++ b/lib/web/statusRouter.js
@@ -25,11 +25,11 @@ statusRouter.get('/status', function (req, res, next) {
})
// get status
statusRouter.get('/temp', function (req, res) {
- var host = req.get('host')
+ const host = req.get('host')
if (config.allowOrigin.indexOf(host) === -1) {
errors.errorForbidden(res)
} else {
- var tempid = req.query.tempid
+ const tempid = req.query.tempid
if (!tempid) {
errors.errorForbidden(res)
} else {
@@ -60,11 +60,11 @@ statusRouter.get('/temp', function (req, res) {
})
// post status
statusRouter.post('/temp', urlencodedParser, function (req, res) {
- var host = req.get('host')
+ const host = req.get('host')
if (config.allowOrigin.indexOf(host) === -1) {
errors.errorForbidden(res)
} else {
- var data = req.body.data
+ const data = req.body.data
if (!data) {
errors.errorForbidden(res)
} else {
@@ -90,7 +90,7 @@ statusRouter.post('/temp', urlencodedParser, function (req, res) {
})
statusRouter.get('/config', function (req, res) {
- var data = {
+ const data = {
domain: config.domain,
urlpath: config.urlPath,
debug: config.debug,
diff --git a/lib/web/userRouter.js b/lib/web/userRouter.js
index f1f999f1..117668fa 100644
--- a/lib/web/userRouter.js
+++ b/lib/web/userRouter.js
@@ -21,7 +21,7 @@ UserRouter.get('/me', function (req, res) {
}
}).then(function (user) {
if (!user) { return errors.errorNotFound(res) }
- var profile = models.User.getProfile(user)
+ const profile = models.User.getProfile(user)
res.send({
status: 'ok',
id: req.user.id,
@@ -70,7 +70,7 @@ UserRouter.get('/me/delete/:token?', function (req, res) {
UserRouter.get('/me/export', function (req, res) {
if (req.isAuthenticated()) {
// let output = fs.createWriteStream(__dirname + '/example.zip');
- let archive = archiver('zip', {
+ const archive = archiver('zip', {
zlib: { level: 3 } // Sets the compression level.
})
res.setHeader('Content-Type', 'application/zip')
@@ -90,13 +90,13 @@ UserRouter.get('/me/export', function (req, res) {
ownerId: user.id
}
}).then(function (notes) {
- let filenames = {}
+ const filenames = {}
async.each(notes, function (note, callback) {
- let basename = note.title.replace(/\//g, '-') // Prevent subdirectories
+ const basename = note.title.replace(/\//g, '-') // Prevent subdirectories
let filename
let suffix = ''
do {
- let seperator = typeof suffix === 'number' ? '-' : ''
+ const seperator = typeof suffix === 'number' ? '-' : ''
filename = basename + seperator + suffix + '.md'
suffix++
} while (filenames[filename])