summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/config/environment.js6
-rw-r--r--lib/config/utils.js7
-rw-r--r--lib/history.js16
-rw-r--r--lib/migrations/20180306150303-fix-enum.js11
-rw-r--r--lib/models/note.js33
-rw-r--r--lib/realtime.js3
-rw-r--r--lib/response.js11
-rw-r--r--lib/web/auth/ldap/index.js9
-rw-r--r--package.json1
-rw-r--r--public/js/history.js15
-rw-r--r--public/js/utils.js32
-rw-r--r--yarn.lock4
12 files changed, 134 insertions, 14 deletions
diff --git a/lib/config/environment.js b/lib/config/environment.js
index 2d0b520a..ddc09e10 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -1,11 +1,11 @@
'use strict'
-const {toBooleanConfig, toArrayConfig} = require('./utils')
+const {toBooleanConfig, toArrayConfig, toIntegerConfig} = require('./utils')
module.exports = {
domain: process.env.HMD_DOMAIN,
urlpath: process.env.HMD_URL_PATH,
- port: process.env.HMD_PORT,
+ port: toIntegerConfig(process.env.HMD_PORT),
urladdport: toBooleanConfig(process.env.HMD_URL_ADDPORT),
usessl: toBooleanConfig(process.env.HMD_USESSL),
hsts: {
@@ -40,7 +40,7 @@ module.exports = {
secretKey: process.env.HMD_MINIO_SECRET_KEY,
endPoint: process.env.HMD_MINIO_ENDPOINT,
secure: toBooleanConfig(process.env.HMD_MINIO_SECURE),
- port: parseInt(process.env.HMD_MINIO_PORT)
+ port: toIntegerConfig(process.env.HMD_MINIO_PORT)
},
s3bucket: process.env.HMD_S3_BUCKET,
facebook: {
diff --git a/lib/config/utils.js b/lib/config/utils.js
index 9ff2f96d..b2406cf1 100644
--- a/lib/config/utils.js
+++ b/lib/config/utils.js
@@ -13,3 +13,10 @@ exports.toArrayConfig = function toArrayConfig (configValue, separator = ',', fa
}
return fallback
}
+
+exports.toIntegerConfig = function toIntegerConfig (configValue) {
+ if (configValue && typeof configValue === 'string') {
+ return parseInt(configValue)
+ }
+ return configValue
+}
diff --git a/lib/history.js b/lib/history.js
index f46ff49f..c7d2472c 100644
--- a/lib/history.js
+++ b/lib/history.js
@@ -1,6 +1,7 @@
'use strict'
// history
// external modules
+var LZString = require('lz-string')
// core
var config = require('./config')
@@ -27,7 +28,20 @@ function getHistory (userid, callback) {
}
var history = {}
if (user.history) {
- history = parseHistoryToObject(JSON.parse(user.history))
+ history = JSON.parse(user.history)
+ // migrate LZString encoded note id to base64url encoded note id
+ for (let i = 0, l = history.length; i < l; i++) {
+ try {
+ let id = LZString.decompressFromBase64(history[i].id)
+ if (id && models.Note.checkNoteIdValid(id)) {
+ history[i].id = models.Note.encodeNoteId(id)
+ }
+ } catch (err) {
+ // most error here comes from LZString, ignore
+ logger.error(err)
+ }
+ }
+ history = parseHistoryToObject(history)
}
if (config.debug) {
logger.info('read history success: ' + user.id)
diff --git a/lib/migrations/20180306150303-fix-enum.js b/lib/migrations/20180306150303-fix-enum.js
new file mode 100644
index 00000000..0ee58a94
--- /dev/null
+++ b/lib/migrations/20180306150303-fix-enum.js
@@ -0,0 +1,11 @@
+'use strict'
+
+module.exports = {
+ up: function (queryInterface, Sequelize) {
+ queryInterface.changeColumn('Notes', 'permission', {type: Sequelize.ENUM('freely', 'editable', 'limited', 'locked', 'protected', 'private')})
+ },
+
+ down: function (queryInterface, Sequelize) {
+ queryInterface.changeColumn('Notes', 'permission', {type: Sequelize.ENUM('freely', 'editable', 'locked', 'private')})
+ }
+}
diff --git a/lib/models/note.js b/lib/models/note.js
index 484f1a8c..d615bcf7 100644
--- a/lib/models/note.js
+++ b/lib/models/note.js
@@ -3,6 +3,7 @@
var fs = require('fs')
var path = require('path')
var LZString = require('lz-string')
+var base64url = require('base64url')
var md = require('markdown-it')()
var metaMarked = require('meta-marked')
var cheerio = require('cheerio')
@@ -114,6 +115,24 @@ module.exports = function (sequelize, DataTypes) {
return false
}
},
+ encodeNoteId: function (id) {
+ // remove dashes in UUID and encode in url-safe base64
+ let str = id.replace(/-/g, '')
+ let hexStr = Buffer.from(str, 'hex')
+ return base64url.encode(hexStr)
+ },
+ decodeNoteId: function (encodedId) {
+ // decode from url-safe base64
+ let id = base64url.toBuffer(encodedId).toString('hex')
+ // add dashes between the UUID string parts
+ let idParts = []
+ idParts.push(id.substr(0, 8))
+ idParts.push(id.substr(8, 4))
+ idParts.push(id.substr(12, 4))
+ idParts.push(id.substr(16, 4))
+ idParts.push(id.substr(20, 12))
+ return idParts.join('-')
+ },
checkNoteIdValid: function (id) {
var uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i
var result = id.match(uuidRegex)
@@ -190,13 +209,25 @@ module.exports = function (sequelize, DataTypes) {
return _callback(err, null)
})
},
+ // parse note id by LZString is deprecated, here for compability
parseNoteIdByLZString: function (_callback) {
// try to parse note id by LZString Base64
try {
var id = LZString.decompressFromBase64(noteId)
if (id && Note.checkNoteIdValid(id)) { return callback(null, id) } else { return _callback(null, null) }
} catch (err) {
- return _callback(err, null)
+ logger.error(err)
+ return _callback(null, null)
+ }
+ },
+ parseNoteIdByBase64Url: function (_callback) {
+ // try to parse note id by base64url
+ try {
+ var id = Note.decodeNoteId(noteId)
+ if (id && Note.checkNoteIdValid(id)) { return callback(null, id) } else { return _callback(null, null) }
+ } catch (err) {
+ logger.error(err)
+ return _callback(null, null)
}
},
parseNoteIdByShortId: function (_callback) {
diff --git a/lib/realtime.js b/lib/realtime.js
index d6ba62b2..5ee9f8fd 100644
--- a/lib/realtime.js
+++ b/lib/realtime.js
@@ -5,7 +5,6 @@ var cookie = require('cookie')
var cookieParser = require('cookie-parser')
var url = require('url')
var async = require('async')
-var LZString = require('lz-string')
var randomcolor = require('randomcolor')
var Chance = require('chance')
var chance = new Chance()
@@ -703,7 +702,7 @@ function operationCallback (socket, operation) {
}
function updateHistory (userId, note, time) {
- var noteId = note.alias ? note.alias : LZString.compressToBase64(note.id)
+ var noteId = note.alias ? note.alias : models.Note.encodeNoteId(note.id)
if (note.server) history.updateHistory(userId, noteId, note.server.document, time)
}
diff --git a/lib/response.js b/lib/response.js
index 41e8c336..25b9fafc 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -3,7 +3,6 @@
// external modules
var fs = require('fs')
var markdownpdf = require('markdown-pdf')
-var LZString = require('lz-string')
var shortId = require('shortid')
var querystring = require('querystring')
var request = require('request')
@@ -124,7 +123,7 @@ function newNote (req, res, next) {
alias: req.alias ? req.alias : null,
content: req.body ? req.body : ''
}).then(function (note) {
- return res.redirect(config.serverurl + '/' + LZString.compressToBase64(note.id))
+ return res.redirect(config.serverurl + '/' + models.Note.encodeNoteId(note.id))
}).catch(function (err) {
logger.error(err)
return response.errorInternalError(res)
@@ -179,7 +178,7 @@ function showNote (req, res, next) {
findNote(req, res, function (note) {
// force to use note id
var noteId = req.params.noteId
- var id = LZString.compressToBase64(note.id)
+ var id = models.Note.encodeNoteId(note.id)
if ((note.alias && noteId !== note.alias) || (!note.alias && noteId !== id)) { return res.redirect(config.serverurl + '/' + (note.alias || id)) }
return responseHackMD(res, note)
})
@@ -321,7 +320,7 @@ function actionPDF (req, res, note) {
function actionGist (req, res, note) {
var data = {
client_id: config.github.clientID,
- redirect_uri: config.serverurl + '/auth/github/callback/' + LZString.compressToBase64(note.id) + '/gist',
+ redirect_uri: config.serverurl + '/auth/github/callback/' + models.Note.encodeNoteId(note.id) + '/gist',
scope: 'gist',
state: shortId.generate()
}
@@ -418,7 +417,7 @@ function publishNoteActions (req, res, next) {
var action = req.params.action
switch (action) {
case 'edit':
- res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id)))
+ res.redirect(config.serverurl + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)))
break
default:
res.redirect(config.serverurl + '/s/' + note.shortid)
@@ -432,7 +431,7 @@ function publishSlideActions (req, res, next) {
var action = req.params.action
switch (action) {
case 'edit':
- res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id)))
+ res.redirect(config.serverurl + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)))
break
default:
res.redirect(config.serverurl + '/p/' + note.shortid)
diff --git a/lib/web/auth/ldap/index.js b/lib/web/auth/ldap/index.js
index 1a5c9938..6aa9789f 100644
--- a/lib/web/auth/ldap/index.js
+++ b/lib/web/auth/ldap/index.js
@@ -23,11 +23,18 @@ passport.use(new LDAPStrategy({
tlsOptions: config.ldap.tlsOptions || null
}
}, function (user, done) {
- var uuid = user.uidNumber || user.uid || user.sAMAccountName
+ var uuid = user.uidNumber || user.uid || user.sAMAccountName || undefined
if (config.ldap.useridField && user[config.ldap.useridField]) {
uuid = user[config.ldap.useridField]
}
+ if (typeof uuid === 'undefined') {
+ throw new Error('Could not determine UUID for LDAP user. Check that ' +
+ 'either uidNumber, uid or sAMAccountName is set in your LDAP directory ' +
+ 'or use another unique attribute and configure it using the ' +
+ '"useridField" option in ldap settings.')
+ }
+
var username = uuid
if (config.ldap.usernameField && user[config.ldap.usernameField]) {
username = user[config.ldap.usernameField]
diff --git a/package.json b/package.json
index 18c985b6..58e2afff 100644
--- a/package.json
+++ b/package.json
@@ -18,6 +18,7 @@
"Idle.Js": "git+https://github.com/shawnmclean/Idle.js",
"async": "^2.1.4",
"aws-sdk": "^2.7.20",
+ "base64url": "^2.0.0",
"blueimp-md5": "^2.6.0",
"body-parser": "^1.15.2",
"bootstrap": "^3.3.7",
diff --git a/public/js/history.js b/public/js/history.js
index e14b80d8..71322818 100644
--- a/public/js/history.js
+++ b/public/js/history.js
@@ -3,6 +3,12 @@
import store from 'store'
import S from 'string'
+import LZString from 'lz-string'
+
+import {
+ checkNoteIdValid,
+ encodeNoteId
+} from './utils'
import {
checkIfAuth
@@ -291,6 +297,15 @@ function parseToHistory (list, notehistory, callback) {
else if (!list || !notehistory) callback(list, notehistory)
else if (notehistory && notehistory.length > 0) {
for (let i = 0; i < notehistory.length; i++) {
+ // migrate LZString encoded id to base64url encoded id
+ try {
+ let id = LZString.decompressFromBase64(notehistory[i].id)
+ if (id && checkNoteIdValid(id)) {
+ notehistory[i].id = encodeNoteId(id)
+ }
+ } catch (err) {
+ console.error(err)
+ }
// parse time to timestamp and fromNow
const timestamp = (typeof notehistory[i].time === 'number' ? moment(notehistory[i].time) : moment(notehistory[i].time, 'MMMM Do YYYY, h:mm:ss a'))
notehistory[i].timestamp = timestamp.valueOf()
diff --git a/public/js/utils.js b/public/js/utils.js
new file mode 100644
index 00000000..91e7f133
--- /dev/null
+++ b/public/js/utils.js
@@ -0,0 +1,32 @@
+import base64url from 'base64url'
+
+let uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i
+
+export function checkNoteIdValid (id) {
+ let result = id.match(uuidRegex)
+ if (result && result.length === 1) {
+ return true
+ } else {
+ return false
+ }
+}
+
+export function encodeNoteId (id) {
+ // remove dashes in UUID and encode in url-safe base64
+ let str = id.replace(/-/g, '')
+ let hexStr = Buffer.from(str, 'hex')
+ return base64url.encode(hexStr)
+}
+
+export function decodeNoteId (encodedId) {
+ // decode from url-safe base64
+ let id = base64url.toBuffer(encodedId).toString('hex')
+ // add dashes between the UUID string parts
+ let idParts = []
+ idParts.push(id.substr(0, 8))
+ idParts.push(id.substr(8, 4))
+ idParts.push(id.substr(12, 4))
+ idParts.push(id.substr(16, 4))
+ idParts.push(id.substr(20, 12))
+ return idParts.join('-')
+}
diff --git a/yarn.lock b/yarn.lock
index b19ecaa8..3246fa99 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -818,6 +818,10 @@ base64id@1.0.0:
version "1.0.0"
resolved "https://registry.yarnpkg.com/base64id/-/base64id-1.0.0.tgz#47688cb99bb6804f0e06d3e763b1c32e57d8e6b6"
+base64url@^2.0.0:
+ version "2.0.0"
+ resolved "https://registry.yarnpkg.com/base64url/-/base64url-2.0.0.tgz#eac16e03ea1438eff9423d69baa36262ed1f70bb"
+
basic-auth@~2.0.0:
version "2.0.0"
resolved "https://registry.yarnpkg.com/basic-auth/-/basic-auth-2.0.0.tgz#015db3f353e02e56377755f962742e8981e7bbba"