diff options
Diffstat (limited to 'lib/web')
| -rw-r--r-- | lib/web/auth/email/index.js | 12 | ||||
| -rw-r--r-- | lib/web/auth/ldap/index.js | 4 | ||||
| -rw-r--r-- | lib/web/baseRouter.js | 8 | ||||
| -rw-r--r-- | lib/web/imageRouter/index.js | 4 | ||||
| -rw-r--r-- | lib/web/middleware/checkURIValid.js | 4 | ||||
| -rw-r--r-- | lib/web/middleware/tooBusy.js | 4 | ||||
| -rw-r--r-- | lib/web/note/actions.js | 187 | ||||
| -rw-r--r-- | lib/web/note/router.js | 32 | ||||
| -rw-r--r-- | lib/web/note/util.js | 67 | ||||
| -rw-r--r-- | lib/web/noteRouter.js | 30 | ||||
| -rw-r--r-- | lib/web/statusRouter.js | 18 | ||||
| -rw-r--r-- | lib/web/userRouter.js | 22 |
12 files changed, 325 insertions, 67 deletions
diff --git a/lib/web/auth/email/index.js b/lib/web/auth/email/index.js index 32e21428..06560545 100644 --- a/lib/web/auth/email/index.js +++ b/lib/web/auth/email/index.js @@ -9,7 +9,7 @@ const models = require('../../../models') const logger = require('../../../logger') const { setReturnToFromReferer } = require('../utils') const { urlencodedParser } = require('../../utils') -const response = require('../../../response') +const errors = require('../../../errors') let emailAuth = module.exports = Router() @@ -39,8 +39,8 @@ passport.use(new LocalStrategy({ if (config.allowEmailRegister) { emailAuth.post('/register', urlencodedParser, function (req, res, next) { - if (!req.body.email || !req.body.password) return response.errorBadRequest(res) - if (!validator.isEmail(req.body.email)) return response.errorBadRequest(res) + if (!req.body.email || !req.body.password) return errors.errorBadRequest(res) + if (!validator.isEmail(req.body.email)) return errors.errorBadRequest(res) models.User.findOrCreate({ where: { email: req.body.email @@ -63,14 +63,14 @@ if (config.allowEmailRegister) { return res.redirect(config.serverURL + '/') }).catch(function (err) { logger.error('auth callback failed: ' + err) - return response.errorInternalError(res) + return errors.errorInternalError(res) }) }) } emailAuth.post('/login', urlencodedParser, function (req, res, next) { - if (!req.body.email || !req.body.password) return response.errorBadRequest(res) - if (!validator.isEmail(req.body.email)) return response.errorBadRequest(res) + if (!req.body.email || !req.body.password) return errors.errorBadRequest(res) + if (!validator.isEmail(req.body.email)) return errors.errorBadRequest(res) setReturnToFromReferer(req) passport.authenticate('local', { successReturnToOrRedirect: config.serverURL + '/', diff --git a/lib/web/auth/ldap/index.js b/lib/web/auth/ldap/index.js index 96143664..28f3e471 100644 --- a/lib/web/auth/ldap/index.js +++ b/lib/web/auth/ldap/index.js @@ -8,7 +8,7 @@ const models = require('../../../models') const logger = require('../../../logger') const { setReturnToFromReferer } = require('../utils') const { urlencodedParser } = require('../../utils') -const response = require('../../../response') +const errors = require('../../../errors') let ldapAuth = module.exports = Router() @@ -81,7 +81,7 @@ passport.use(new LDAPStrategy({ })) ldapAuth.post('/auth/ldap', urlencodedParser, function (req, res, next) { - if (!req.body.username || !req.body.password) return response.errorBadRequest(res) + if (!req.body.username || !req.body.password) return errors.errorBadRequest(res) setReturnToFromReferer(req) passport.authenticate('ldapauth', { successReturnToOrRedirect: config.serverURL + '/', diff --git a/lib/web/baseRouter.js b/lib/web/baseRouter.js index b918ce75..df5e2777 100644 --- a/lib/web/baseRouter.js +++ b/lib/web/baseRouter.js @@ -6,17 +6,19 @@ const response = require('../response') const baseRouter = module.exports = Router() +const errors = require('../errors') + // get index baseRouter.get('/', response.showIndex) // get 403 forbidden baseRouter.get('/403', function (req, res) { - response.errorForbidden(res) + errors.errorForbidden(res) }) // get 404 not found baseRouter.get('/404', function (req, res) { - response.errorNotFound(res) + errors.errorNotFound(res) }) // get 500 internal error baseRouter.get('/500', function (req, res) { - response.errorInternalError(res) + errors.errorInternalError(res) }) diff --git a/lib/web/imageRouter/index.js b/lib/web/imageRouter/index.js index 0b59218b..aa02e9b0 100644 --- a/lib/web/imageRouter/index.js +++ b/lib/web/imageRouter/index.js @@ -5,7 +5,7 @@ const formidable = require('formidable') const config = require('../../config') const logger = require('../../logger') -const response = require('../../response') +const errors = require('../../errors') const imageRouter = module.exports = Router() @@ -22,7 +22,7 @@ imageRouter.post('/uploadimage', function (req, res) { form.parse(req, function (err, fields, files) { if (err || !files.image || !files.image.path) { logger.error(`formidable error: ${err}`) - response.errorForbidden(res) + errors.errorForbidden(res) } else { logger.debug(`SERVER received uploadimage: ${JSON.stringify(files.image)}`) diff --git a/lib/web/middleware/checkURIValid.js b/lib/web/middleware/checkURIValid.js index 88065e79..cd6dabd2 100644 --- a/lib/web/middleware/checkURIValid.js +++ b/lib/web/middleware/checkURIValid.js @@ -1,14 +1,14 @@ 'use strict' const logger = require('../../logger') -const response = require('../../response') +const errors = require('../../errors') module.exports = function (req, res, next) { try { decodeURIComponent(req.path) } catch (err) { logger.error(err) - return response.errorBadRequest(res) + return errors.errorBadRequest(res) } next() } diff --git a/lib/web/middleware/tooBusy.js b/lib/web/middleware/tooBusy.js index 49efbe37..a2101975 100644 --- a/lib/web/middleware/tooBusy.js +++ b/lib/web/middleware/tooBusy.js @@ -2,14 +2,14 @@ const toobusy = require('toobusy-js') -const response = require('../../response') +const errors = require('../../errors') const config = require('../../config') toobusy.maxLag(config.tooBusyLag) module.exports = function (req, res, next) { if (toobusy()) { - response.errorServiceUnavailable(res) + errors.errorServiceUnavailable(res) } else { next() } diff --git a/lib/web/note/actions.js b/lib/web/note/actions.js new file mode 100644 index 00000000..cfefc8d5 --- /dev/null +++ b/lib/web/note/actions.js @@ -0,0 +1,187 @@ +'use strict' + +const models = require('../../models') +const logger = require('../../logger') +const config = require('../../config') +const error = require('../../errors') +const fs = require('fs') +const shortId = require('shortid') +const markdownpdf = require('markdown-pdf') +const moment = require('moment') +const querystring = require('querystring') +const noteUtil = require('./util') + +exports.doAction = function (req, res, next) { + const noteId = req.params.noteId + noteUtil.findNote(req, res, function (note) { + const action = req.params.action + switch (action) { + case 'publish': + case 'pretty': // pretty deprecated + actionPublish(req, res, note) + break + case 'slide': + actionSlide(req, res, note) + break + case 'download': + exports.actionDownload(req, res, note) + break + case 'info': + actionInfo(req, res, note) + break + case 'pdf': + if (config.allowPDFExport) { + actionPDF(req, res, note) + } else { + logger.error('PDF export failed: Disabled by config. Set "allowPDFExport: true" to enable. Check the documentation for details') + error.errorForbidden(res) + } + break + case 'gist': + actionGist(req, res, note) + break + case 'revision': + actionRevision(req, res, note) + break + default: + return res.redirect(config.serverURL + '/' + noteId) + } + }) +} + +function actionPublish (req, res, note) { + res.redirect(config.serverURL + '/s/' + (note.alias || note.shortid)) +} + +function actionSlide (req, res, note) { + res.redirect(config.serverURL + '/p/' + (note.alias || note.shortid)) +} + +exports.actionDownload = function (req, res, note) { + const body = note.content + let filename = models.Note.decodeTitle(note.title) + filename = encodeURIComponent(filename) + res.set({ + 'Access-Control-Allow-Origin': '*', // allow CORS as API + 'Access-Control-Allow-Headers': 'Range', + 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range', + 'Content-Type': 'text/markdown; charset=UTF-8', + 'Cache-Control': 'private', + 'Content-disposition': 'attachment; filename=' + filename + '.md', + 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling + }) + res.send(body) +} + +function actionInfo (req, res, note) { + const body = note.content + const extracted = models.Note.extractMeta(body) + const markdown = extracted.markdown + const meta = models.Note.parseMeta(extracted.meta) + const createtime = note.createdAt + const updatetime = note.lastchangeAt + const title = models.Note.decodeTitle(note.title) + const data = { + title: meta.title || title, + description: meta.description || (markdown ? models.Note.generateDescription(markdown) : null), + viewcount: note.viewcount, + createtime: createtime, + updatetime: updatetime + } + res.set({ + 'Access-Control-Allow-Origin': '*', // allow CORS as API + 'Access-Control-Allow-Headers': 'Range', + 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range', + 'Cache-Control': 'private', // only cache by client + 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling + }) + res.send(data) +} + +function actionPDF (req, res, note) { + const url = config.serverURL || 'http://' + req.get('host') + const body = note.content + const extracted = models.Note.extractMeta(body) + let content = extracted.markdown + const title = models.Note.decodeTitle(note.title) + + if (!fs.existsSync(config.tmpPath)) { + fs.mkdirSync(config.tmpPath) + } + const path = config.tmpPath + '/' + Date.now() + '.pdf' + content = content.replace(/\]\(\//g, '](' + url + '/') + markdownpdf().from.string(content).to(path, function () { + if (!fs.existsSync(path)) { + logger.error('PDF seems to not be generated as expected. File doesn\'t exist: ' + path) + return error.errorInternalError(res) + } + const stream = fs.createReadStream(path) + let filename = title + // Be careful of special characters + filename = encodeURIComponent(filename) + // Ideally this should strip them + res.setHeader('Content-disposition', 'attachment; filename="' + filename + '.pdf"') + res.setHeader('Cache-Control', 'private') + res.setHeader('Content-Type', 'application/pdf; charset=UTF-8') + res.setHeader('X-Robots-Tag', 'noindex, nofollow') // prevent crawling + stream.pipe(res) + fs.unlinkSync(path) + }) +} + +function actionGist (req, res, note) { + const data = { + client_id: config.github.clientID, + redirect_uri: config.serverURL + '/auth/github/callback/' + models.Note.encodeNoteId(note.id) + '/gist', + scope: 'gist', + state: shortId.generate() + } + const query = querystring.stringify(data) + res.redirect('https://github.com/login/oauth/authorize?' + query) +} + +function actionRevision (req, res, note) { + const actionId = req.params.actionId + if (actionId) { + const time = moment(parseInt(actionId)) + if (time.isValid()) { + models.Revision.getPatchedNoteRevisionByTime(note, time, function (err, content) { + if (err) { + logger.error(err) + return error.errorInternalError(res) + } + if (!content) { + return error.errorNotFound(res) + } + res.set({ + 'Access-Control-Allow-Origin': '*', // allow CORS as API + 'Access-Control-Allow-Headers': 'Range', + 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range', + 'Cache-Control': 'private', // only cache by client + 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling + }) + res.send(content) + }) + } else { + return error.errorNotFound(res) + } + } else { + models.Revision.getNoteRevisions(note, function (err, data) { + if (err) { + logger.error(err) + return error.errorInternalError(res) + } + const out = { + revision: data + } + res.set({ + 'Access-Control-Allow-Origin': '*', // allow CORS as API + 'Access-Control-Allow-Headers': 'Range', + 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range', + 'Cache-Control': 'private', // only cache by client + 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling + }) + res.send(out) + }) + } +} diff --git a/lib/web/note/router.js b/lib/web/note/router.js new file mode 100644 index 00000000..e23b7f64 --- /dev/null +++ b/lib/web/note/router.js @@ -0,0 +1,32 @@ +'use strict' + +const Router = require('express').Router + +const response = require('../../response') + +const { markdownParser } = require('../utils') + +const router = module.exports = Router() + +const noteActions = require('./actions') + +// get new note +router.get('/new', response.postNote) +// post new note with content +router.post('/new', markdownParser, response.postNote) +// post new note with content and alias +router.post('/new/:noteId', markdownParser, response.postNote) +// get publish note +router.get('/s/:shortid', response.showPublishNote) +// publish note actions +router.get('/s/:shortid/:action', response.publishNoteActions) +// get publish slide +router.get('/p/:shortid', response.showPublishSlide) +// publish slide actions +router.get('/p/:shortid/:action', response.publishSlideActions) +// get note by id +router.get('/:noteId', response.showNote) +// note actions +router.get('/:noteId/:action', noteActions.doAction) +// note actions with action id +router.get('/:noteId/:action/:actionId', noteActions.doAction) diff --git a/lib/web/note/util.js b/lib/web/note/util.js new file mode 100644 index 00000000..bda74ac4 --- /dev/null +++ b/lib/web/note/util.js @@ -0,0 +1,67 @@ +const models = require('../../models') +const logger = require('../../logger') +const config = require('../../config') +const errors = require('../../errors') + +exports.findNote = function (req, res, callback, include) { + const id = req.params.noteId || req.params.shortid + models.Note.parseNoteId(id, function (err, _id) { + if (err) { + logger.error(err) + return errors.errorInternalError(res) + } + models.Note.findOne({ + where: { + id: _id + }, + include: include || null + }).then(function (note) { + if (!note) { + return exports.newNote(req, res, null) + } + if (!exports.checkViewPermission(req, note)) { + return errors.errorForbidden(res) + } else { + return callback(note) + } + }).catch(function (err) { + logger.error(err) + return errors.errorInternalError(res) + }) + }) +} + +exports.checkViewPermission = function (req, note) { + if (note.permission === 'private') { + return !(!req.isAuthenticated() || note.ownerId !== req.user.id) + } else if (note.permission === 'limited' || note.permission === 'protected') { + return req.isAuthenticated() + } else { + return true + } +} + +exports.newNote = function (req, res, body) { + let owner = null + const noteId = req.params.noteId ? req.params.noteId : null + if (req.isAuthenticated()) { + owner = req.user.id + } else if (!config.allowAnonymous) { + return errors.errorForbidden(res) + } + if (config.allowFreeURL && noteId && !config.forbiddenNoteIDs.includes(noteId)) { + req.alias = noteId + } else if (noteId) { + return req.method === 'POST' ? errors.errorForbidden(res) : errors.errorNotFound(res) + } + models.Note.create({ + ownerId: owner, + alias: req.alias ? req.alias : null, + content: body + }).then(function (note) { + return res.redirect(config.serverURL + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id))) + }).catch(function (err) { + logger.error(err) + return errors.errorInternalError(res) + }) +} diff --git a/lib/web/noteRouter.js b/lib/web/noteRouter.js deleted file mode 100644 index 58e93019..00000000 --- a/lib/web/noteRouter.js +++ /dev/null @@ -1,30 +0,0 @@ -'use strict' - -const Router = require('express').Router - -const response = require('../response') - -const { markdownParser } = require('./utils') - -const noteRouter = module.exports = Router() - -// get new note -noteRouter.get('/new', response.postNote) -// post new note with content -noteRouter.post('/new', markdownParser, response.postNote) -// post new note with content and alias -noteRouter.post('/new/:noteId', markdownParser, response.postNote) -// get publish note -noteRouter.get('/s/:shortid', response.showPublishNote) -// publish note actions -noteRouter.get('/s/:shortid/:action', response.publishNoteActions) -// get publish slide -noteRouter.get('/p/:shortid', response.showPublishSlide) -// publish slide actions -noteRouter.get('/p/:shortid/:action', response.publishSlideActions) -// get note by id -noteRouter.get('/:noteId', response.showNote) -// note actions -noteRouter.get('/:noteId/:action', response.noteActions) -// note actions with action id -noteRouter.get('/:noteId/:action/:actionId', response.noteActions) diff --git a/lib/web/statusRouter.js b/lib/web/statusRouter.js index 1d9a1157..025aafd4 100644 --- a/lib/web/statusRouter.js +++ b/lib/web/statusRouter.js @@ -2,7 +2,7 @@ const Router = require('express').Router -const response = require('../response') +const errors = require('../errors') const realtime = require('../realtime') const config = require('../config') const models = require('../models') @@ -27,11 +27,11 @@ statusRouter.get('/status', function (req, res, next) { statusRouter.get('/temp', function (req, res) { var host = req.get('host') if (config.allowOrigin.indexOf(host) === -1) { - response.errorForbidden(res) + errors.errorForbidden(res) } else { var tempid = req.query.tempid if (!tempid) { - response.errorForbidden(res) + errors.errorForbidden(res) } else { models.Temp.findOne({ where: { @@ -39,7 +39,7 @@ statusRouter.get('/temp', function (req, res) { } }).then(function (temp) { if (!temp) { - response.errorNotFound(res) + errors.errorNotFound(res) } else { res.header('Access-Control-Allow-Origin', '*') res.send({ @@ -53,7 +53,7 @@ statusRouter.get('/temp', function (req, res) { } }).catch(function (err) { logger.error(err) - return response.errorInternalError(res) + return errors.errorInternalError(res) }) } } @@ -62,11 +62,11 @@ statusRouter.get('/temp', function (req, res) { statusRouter.post('/temp', urlencodedParser, function (req, res) { var host = req.get('host') if (config.allowOrigin.indexOf(host) === -1) { - response.errorForbidden(res) + errors.errorForbidden(res) } else { var data = req.body.data if (!data) { - response.errorForbidden(res) + errors.errorForbidden(res) } else { logger.debug(`SERVER received temp from [${host}]: ${req.body.data}`) models.Temp.create({ @@ -79,11 +79,11 @@ statusRouter.post('/temp', urlencodedParser, function (req, res) { id: temp.id }) } else { - response.errorInternalError(res) + errors.errorInternalError(res) } }).catch(function (err) { logger.error(err) - return response.errorInternalError(res) + return errors.errorInternalError(res) }) } } diff --git a/lib/web/userRouter.js b/lib/web/userRouter.js index 73b519ec..f1f999f1 100644 --- a/lib/web/userRouter.js +++ b/lib/web/userRouter.js @@ -4,7 +4,7 @@ const archiver = require('archiver') const async = require('async') const Router = require('express').Router -const response = require('../response') +const errors = require('../errors') const config = require('../config') const models = require('../models') const logger = require('../logger') @@ -20,7 +20,7 @@ UserRouter.get('/me', function (req, res) { id: req.user.id } }).then(function (user) { - if (!user) { return response.errorNotFound(res) } + if (!user) { return errors.errorNotFound(res) } var profile = models.User.getProfile(user) res.send({ status: 'ok', @@ -30,7 +30,7 @@ UserRouter.get('/me', function (req, res) { }) }).catch(function (err) { logger.error('read me failed: ' + err) - return response.errorInternalError(res) + return errors.errorInternalError(res) }) } else { res.send({ @@ -48,21 +48,21 @@ UserRouter.get('/me/delete/:token?', function (req, res) { } }).then(function (user) { if (!user) { - return response.errorNotFound(res) + return errors.errorNotFound(res) } if (user.deleteToken === req.params.token) { user.destroy().then(function () { res.redirect(config.serverURL + '/') }) } else { - return response.errorForbidden(res) + return errors.errorForbidden(res) } }).catch(function (err) { logger.error('delete user failed: ' + err) - return response.errorInternalError(res) + return errors.errorInternalError(res) }) } else { - return response.errorForbidden(res) + return errors.errorForbidden(res) } }) @@ -78,7 +78,7 @@ UserRouter.get('/me/export', function (req, res) { archive.pipe(res) archive.on('error', function (err) { logger.error('export user data failed: ' + err) - return response.errorInternalError(res) + return errors.errorInternalError(res) }) models.User.findOne({ where: { @@ -107,7 +107,7 @@ UserRouter.get('/me/export', function (req, res) { callback(null, null) }, function (err) { if (err) { - return response.errorInternalError(res) + return errors.errorInternalError(res) } archive.finalize() @@ -115,10 +115,10 @@ UserRouter.get('/me/export', function (req, res) { }) }).catch(function (err) { logger.error('export user data failed: ' + err) - return response.errorInternalError(res) + return errors.errorInternalError(res) }) } else { - return response.errorForbidden(res) + return errors.errorForbidden(res) } }) |