Diffstat (limited to 'lib')
-rw-r--r-- | lib/config/environment.js | 6 | ||||
-rw-r--r-- | lib/config/index.js | 7 | ||||
-rw-r--r-- | lib/config/utils.js | 7 | ||||
-rw-r--r-- | lib/history.js | 16 | ||||
-rw-r--r-- | lib/migrations/20180306150303-fix-enum.js | 11 | ||||
-rw-r--r-- | lib/models/note.js | 33 | ||||
-rw-r--r-- | lib/realtime.js | 3 | ||||
-rw-r--r-- | lib/response.js | 11 | ||||
-rw-r--r-- | lib/web/auth/ldap/index.js | 9 | ||||
-rw-r--r-- | lib/web/imageRouter.js | 132 | ||||
-rw-r--r-- | lib/web/imageRouter/filesystem.js | 18 | ||||
-rw-r--r-- | lib/web/imageRouter/imgur.js | 28 | ||||
-rw-r--r-- | lib/web/imageRouter/index.js | 42 | ||||
-rw-r--r-- | lib/web/imageRouter/minio.js | 45 | ||||
-rw-r--r-- | lib/web/imageRouter/s3.js | 50 |
15 files changed, 272 insertions, 146 deletions
diff --git a/lib/config/environment.js b/lib/config/environment.js index 2d0b520a..ddc09e10 100644 --- a/lib/config/environment.js +++ b/lib/config/environment.js @@ -1,11 +1,11 @@ 'use strict' -const {toBooleanConfig, toArrayConfig} = require('./utils') +const {toBooleanConfig, toArrayConfig, toIntegerConfig} = require('./utils') module.exports = { domain: process.env.HMD_DOMAIN, urlpath: process.env.HMD_URL_PATH, - port: process.env.HMD_PORT, + port: toIntegerConfig(process.env.HMD_PORT), urladdport: toBooleanConfig(process.env.HMD_URL_ADDPORT), usessl: toBooleanConfig(process.env.HMD_USESSL), hsts: { @@ -40,7 +40,7 @@ module.exports = { secretKey: process.env.HMD_MINIO_SECRET_KEY, endPoint: process.env.HMD_MINIO_ENDPOINT, secure: toBooleanConfig(process.env.HMD_MINIO_SECURE), - port: parseInt(process.env.HMD_MINIO_PORT) + port: toIntegerConfig(process.env.HMD_MINIO_PORT) }, s3bucket: process.env.HMD_S3_BUCKET, facebook: { diff --git a/lib/config/index.js b/lib/config/index.js index 0051e485..abcd2b3e 100644 --- a/lib/config/index.js +++ b/lib/config/index.js @@ -6,6 +6,7 @@ const path = require('path') const {merge} = require('lodash') const deepFreeze = require('deep-freeze') const {Environment, Permission} = require('./enum') +const logger = require('../logger') const appRootPath = path.join(__dirname, '../../') const env = process.env.NODE_ENV || Environment.development @@ -103,6 +104,12 @@ if (config.imageUploadType && !config.imageuploadtype) { config.imageuploadtype = config.imageUploadType } +// Validate upload upload providers +if (['filesystem', 's3', 'minio', 'imgur'].indexOf(config.imageuploadtype) === -1) { + logger.error('"imageuploadtype" is not correctly set. Please use "filesystem", "s3", "minio" or "imgur". Defaulting to "imgur"') + config.imageuploadtype = 'imgur' +} + // figure out mime types for image uploads switch (config.imageuploadtype) { case 'imgur': diff --git a/lib/config/utils.js b/lib/config/utils.js index 9ff2f96d..b2406cf1 100644 
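Review bot: In lib/config/index.js the new validation falls back to `'imgur'` when `imageuploadtype` is unrecognised, so a typo in the setting sends uploads to a third-party host instead of the storage the operator intended, with only a log line to show for it. For a setting that decides where user files leave the server, refusing to start or disabling uploads would be the safer failure mode. This list is also what keeps the `require('./' + config.imageuploadtype)` in lib/web/imageRouter/index.js confined to the four provider modules, which deserves a comment here, e.g. `// allowlist: imageRouter builds a require() path from this value`. The comment `// Validate upload upload providers` repeats a word.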
--- a/lib/config/utils.js +++ b/lib/config/utils.js @@ -13,3 +13,10 @@ exports.toArrayConfig = function toArrayConfig (configValue, separator = ',', fa } return fallback } + +exports.toIntegerConfig = function toIntegerConfig (configValue) { + if (configValue && typeof configValue === 'string') { + return parseInt(configValue) + } + return configValue +} diff --git a/lib/history.js b/lib/history.js index f46ff49f..c7d2472c 100644 --- a/lib/history.js +++ b/lib/history.js @@ -1,6 +1,7 @@ 'use strict' // history // external modules +var LZString = require('lz-string') // core var config = require('./config') @@ -27,7 +28,20 @@ function getHistory (userid, callback) { } var history = {} if (user.history) { - history = parseHistoryToObject(JSON.parse(user.history)) + history = JSON.parse(user.history) + // migrate LZString encoded note id to base64url encoded note id + for (let i = 0, l = history.length; i < l; i++) { + try { + let id = LZString.decompressFromBase64(history[i].id) + if (id && models.Note.checkNoteIdValid(id)) { + history[i].id = models.Note.encodeNoteId(id) + } + } catch (err) { + // most error here comes from LZString, ignore + logger.error(err) + } + } + history = parseHistoryToObject(history) } if (config.debug) { logger.info('read history success: ' + user.id) diff --git a/lib/migrations/20180306150303-fix-enum.js b/lib/migrations/20180306150303-fix-enum.js new file mode 100644 index 00000000..0ee58a94 --- /dev/null +++ b/lib/migrations/20180306150303-fix-enum.js @@ -0,0 +1,11 @@ +'use strict' + +module.exports = { + up: function (queryInterface, Sequelize) { + queryInterface.changeColumn('Notes', 'permission', {type: Sequelize.ENUM('freely', 'editable', 'limited', 'locked', 'protected', 'private')}) + }, + + down: function (queryInterface, Sequelize) { + queryInterface.changeColumn('Notes', 'permission', {type: Sequelize.ENUM('freely', 'editable', 'locked', 'private')}) + } +} 
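Review bot: `toIntegerConfig` in lib/config/utils.js calls `parseInt(configValue)` without a radix and passes the result through unchecked, so a non-numeric `HMD_PORT` or `HMD_MINIO_PORT` becomes `NaN` in the config and a value such as `8080abc` is accepted as 8080. I would write `const n = parseInt(configValue, 10)` and return `n` only when `Number.isInteger(n)` and `String(n) === configValue.trim()`, otherwise return `undefined`. The function also has no comment saying that non-string values are returned as they are; one line above it would help.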
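Review bot: The id migration added to `getHistory` only rewrites the parsed copy: nothing in the hunk writes the converted ids back, so the LZString decode and UUID check run for every entry on every history read for as long as old entries exist. The `try` does not cover `JSON.parse(user.history)`, so a corrupt history value still throws out of the callback, as it did before this change. Entries that are aliases or already base64url ids are expected input here, so `logger.error` in the `catch` will be noisy whenever LZString throws on them; a comment such as `// not an LZString id: leave the entry untouched` and a quieter log level would fit better. `getHistory` starts and ends outside the hunk.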
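Review bot: Neither `up` nor `down` in 20180306150303-fix-enum.js returns the promise from `queryInterface.changeColumn`, so the migration runner cannot wait for the column change or see it fail; both should read `return queryInterface.changeColumn(...)`. `down` narrows the enum to four values without first rewriting rows that hold `'limited'` or `'protected'`, which will presumably fail or lose data on a database that has used them. It should either map those rows to a remaining value first or carry a comment that the rollback is only valid before such notes exist.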
diff --git a/lib/models/note.js b/lib/models/note.js index 484f1a8c..d615bcf7 100644 --- a/lib/models/note.js +++ b/lib/models/note.js @@ -3,6 +3,7 @@ var fs = require('fs') var path = require('path') var LZString = require('lz-string') +var base64url = require('base64url') var md = require('markdown-it')() var metaMarked = require('meta-marked') var cheerio = require('cheerio') @@ -114,6 +115,24 @@ module.exports = function (sequelize, DataTypes) { return false } }, + encodeNoteId: function (id) { + // remove dashes in UUID and encode in url-safe base64 + let str = id.replace(/-/g, '') + let hexStr = Buffer.from(str, 'hex') + return base64url.encode(hexStr) + }, + decodeNoteId: function (encodedId) { + // decode from url-safe base64 + let id = base64url.toBuffer(encodedId).toString('hex') + // add dashes between the UUID string parts + let idParts = [] + idParts.push(id.substr(0, 8)) + idParts.push(id.substr(8, 4)) + idParts.push(id.substr(12, 4)) + idParts.push(id.substr(16, 4)) + idParts.push(id.substr(20, 12)) + return idParts.join('-') + }, checkNoteIdValid: function (id) { var uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i var result = id.match(uuidRegex) 
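Review bot: `decodeNoteId` accepts input of any length: it hex-encodes whatever `base64url.toBuffer` returns and then takes the first 32 hex characters with `substr`, so a string that decodes to more than 16 bytes yields the same UUID as its 16-byte prefix. The value comes from the request path (see `parseNoteIdByBase64Url` further down this file), so more than one URL can resolve to a given note unless the caller re-canonicalises it. Checking the length up front closes that, e.g. `const buf = base64url.toBuffer(encodedId); if (buf.length !== 16) return null`, and the `id && Note.checkNoteIdValid(id)` test in the caller already treats a falsy id as no match. `encodeNoteId` likewise assumes a well-formed UUID string; `Buffer.from(str, 'hex')` stops at the first invalid pair without raising, which is worth a comment.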
@@ -190,13 +209,25 @@ module.exports = function (sequelize, DataTypes) { return _callback(err, null) }) }, + // parse note id by LZString is deprecated, here for compability parseNoteIdByLZString: function (_callback) { // try to parse note id by LZString Base64 try { var id = LZString.decompressFromBase64(noteId) if (id && Note.checkNoteIdValid(id)) { return callback(null, id) } else { return _callback(null, null) } } catch (err) { - return _callback(err, null) + logger.error(err) + return _callback(null, null) + } + }, + parseNoteIdByBase64Url: function (_callback) { + // try to parse note id by base64url + try { + var id = Note.decodeNoteId(noteId) + if (id && Note.checkNoteIdValid(id)) { return callback(null, id) } else { return _callback(null, null) } + } catch (err) { + logger.error(err) + return _callback(null, null) } }, parseNoteIdByShortId: function (_callback) { diff --git a/lib/realtime.js b/lib/realtime.js index d6ba62b2..5ee9f8fd 100644 --- a/lib/realtime.js +++ b/lib/realtime.js @@ -5,7 +5,6 @@ var cookie = require('cookie') var cookieParser = require('cookie-parser') var url = require('url') var async = require('async') -var LZString = require('lz-string') var randomcolor = require('randomcolor') var Chance = require('chance') var chance = new Chance() @@ -703,7 +702,7 @@ function operationCallback (socket, operation) { } function updateHistory (userId, note, time) { - var noteId = note.alias ? note.alias : LZString.compressToBase64(note.id) + var noteId = note.alias ? note.alias : models.Note.encodeNoteId(note.id) if (note.server) history.updateHistory(userId, noteId, note.server.document, time) } diff --git a/lib/response.js b/lib/response.js index 41e8c336..25b9fafc 100644 --- a/lib/response.js +++ b/lib/response.js 
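Review bot: Both `catch` blocks in this note.js hunk call `logger.error(err)` for a note id taken from the request, so any client can produce error-level log entries just by asking for malformed ids. A failed decode is the expected outcome for aliases and short ids, so I would log it at a lower level or not at all and keep `_callback(null, null)`. The order in which `parseNoteIdByBase64Url` and `parseNoteIdByLZString` run is decided outside the hunk; a comment should state which is tried first and why, since one string may be acceptable to both decoders. The new comment has a typo, `compability` for `compatibility`.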
@@ -3,7 +3,6 @@ // external modules var fs = require('fs') var markdownpdf = require('markdown-pdf') -var LZString = require('lz-string') var shortId = require('shortid') var querystring = require('querystring') var request = require('request') @@ -124,7 +123,7 @@ function newNote (req, res, next) { alias: req.alias ? req.alias : null, content: req.body ? req.body : '' }).then(function (note) { - return res.redirect(config.serverurl + '/' + LZString.compressToBase64(note.id)) + return res.redirect(config.serverurl + '/' + models.Note.encodeNoteId(note.id)) }).catch(function (err) { logger.error(err) return response.errorInternalError(res) @@ -179,7 +178,7 @@ function showNote (req, res, next) { findNote(req, res, function (note) { // force to use note id var noteId = req.params.noteId - var id = LZString.compressToBase64(note.id) + var id = models.Note.encodeNoteId(note.id) if ((note.alias && noteId !== note.alias) || (!note.alias && noteId !== id)) { return res.redirect(config.serverurl + '/' + (note.alias || id)) } return responseHackMD(res, note) }) @@ -321,7 +320,7 @@ function actionPDF (req, res, note) { function actionGist (req, res, note) { var data = { client_id: config.github.clientID, - redirect_uri: config.serverurl + '/auth/github/callback/' + LZString.compressToBase64(note.id) + '/gist', + redirect_uri: config.serverurl + '/auth/github/callback/' + models.Note.encodeNoteId(note.id) + '/gist', scope: 'gist', state: shortId.generate() } @@ -418,7 +417,7 @@ function publishNoteActions (req, res, next) { var action = req.params.action switch (action) { case 'edit': - res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id))) + res.redirect(config.serverurl + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id))) break default: res.redirect(config.serverurl + '/s/' + note.shortid) 
@@ -432,7 +431,7 @@ function publishSlideActions (req, res, next) { var action = req.params.action switch (action) { case 'edit': - res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id))) + res.redirect(config.serverurl + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id))) break default: res.redirect(config.serverurl + '/p/' + note.shortid) diff --git a/lib/web/auth/ldap/index.js b/lib/web/auth/ldap/index.js index 1a5c9938..6aa9789f 100644 --- a/lib/web/auth/ldap/index.js +++ b/lib/web/auth/ldap/index.js @@ -23,11 +23,18 @@ passport.use(new LDAPStrategy({ tlsOptions: config.ldap.tlsOptions || null } }, function (user, done) { - var uuid = user.uidNumber || user.uid || user.sAMAccountName + var uuid = user.uidNumber || user.uid || user.sAMAccountName || undefined if (config.ldap.useridField && user[config.ldap.useridField]) { uuid = user[config.ldap.useridField] } + if (typeof uuid === 'undefined') { + throw new Error('Could not determine UUID for LDAP user. Check that ' + + 'either uidNumber, uid or sAMAccountName is set in your LDAP directory ' + + 'or use another unique attribute and configure it using the ' + + '"useridField" option in ldap settings.') + } + var username = uuid if (config.ldap.usernameField && user[config.ldap.usernameField]) { username = user[config.ldap.usernameField] diff --git a/lib/web/imageRouter.js b/lib/web/imageRouter.js deleted file mode 100644 index 483be64b..00000000 --- a/lib/web/imageRouter.js +++ /dev/null 
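Review bot: The new check in the LDAP verify callback reports a missing id with `throw new Error(...)`, but the callback already receives `done`, and an exception thrown here is raised inside the strategy's own callback chain, where it may surface as an uncaught exception rather than a failed login. Passing it on with `return done(new Error(...))` keeps a directory entry without those attributes on the normal authentication-failure path. The `|| undefined` appended to the `uuid` assignment exists only to normalise falsy values for the `typeof uuid === 'undefined'` test; `if (!uuid)` would say that directly. The callback body continues outside the hunk.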
@@ -1,132 +0,0 @@ -'use strict' -var fs = require('fs') -var url = require('url') -var path = require('path') - -const Router = require('express').Router -const formidable = require('formidable') -var imgur = require('imgur') - -const config = require('../config') -const logger = require('../logger') -const response = require('../response') - -const imageRouter = module.exports = Router() - -// upload image -imageRouter.post('/uploadimage', function (req, res) { - var form = new formidable.IncomingForm() - - form.keepExtensions = true - - if (config.imageuploadtype === 'filesystem') { - form.uploadDir = 'public/uploads' - } - - form.parse(req, function (err, fields, files) { - if (err || !files.image || !files.image.path) { - response.errorForbidden(res) - } else { - if (config.debug) { logger.info('SERVER received uploadimage: ' + JSON.stringify(files.image)) } - - try { - switch (config.imageuploadtype) { - case 'filesystem': - res.send({ - link: url.resolve(config.serverurl + '/', files.image.path.match(/^public\/(.+$)/)[1]) - }) - - break - - case 's3': - var AWS = require('aws-sdk') - var awsConfig = new AWS.Config(config.s3) - var s3 = new AWS.S3(awsConfig) - const {getImageMimeType} = require('../utils') - fs.readFile(files.image.path, function (err, buffer) { - if (err) { - logger.error(err) - res.status(500).end('upload image error') - return - } - var params = { - Bucket: config.s3bucket, - Key: path.join('uploads', path.basename(files.image.path)), - Body: buffer - } - - var mimeType = getImageMimeType(files.image.path) - if (mimeType) { params.ContentType = mimeType } - - s3.putObject(params, function (err, data) { - if (err) { - logger.error(err) - res.status(500).end('upload image error') - return - } - - var s3Endpoint = 's3.amazonaws.com' - if (config.s3.region && config.s3.region !== 'us-east-1') { s3Endpoint = `s3-${config.s3.region}.amazonaws.com` } - res.send({ - link: `https://${s3Endpoint}/${config.s3bucket}/${params.Key}` - }) - }) - }) - 
break - - case 'minio': - var utils = require('../utils') - var Minio = require('minio') - var minioClient = new Minio.Client({ - endPoint: config.minio.endPoint, - port: config.minio.port, - secure: config.minio.secure, - accessKey: config.minio.accessKey, - secretKey: config.minio.secretKey - }) - fs.readFile(files.image.path, function (err, buffer) { - if (err) { - logger.error(err) - res.status(500).end('upload image error') - return - } - - var key = path.join('uploads', path.basename(files.image.path)) - var protocol = config.minio.secure ? 'https' : 'http' - - minioClient.putObject(config.s3bucket, key, buffer, buffer.size, utils.getImageMimeType(files.image.path), function (err, data) { - if (err) { - logger.error(err) - res.status(500).end('upload image error') - return - } - res.send({ - link: `${protocol}://${config.minio.endPoint}:${config.minio.port}/${config.s3bucket}/${key}` - }) - }) - }) - break - - case 'imgur': - default: - imgur.setClientId(config.imgur.clientID) - imgur.uploadFile(files.image.path) - .then(function (json) { - if (config.debug) { logger.info('SERVER uploadimage success: ' + JSON.stringify(json)) } - res.send({ - link: json.data.link.replace(/^http:\/\//i, 'https://') - }) - }) - .catch(function (err) { - logger.error(err) - return res.status(500).end('upload image error') - }) - break - } - } catch (err) { - logger.error(err) - return res.status(500).end('upload image error') - } - } - }) -}) diff --git a/lib/web/imageRouter/filesystem.js b/lib/web/imageRouter/filesystem.js new file mode 100644 index 00000000..25ec3846 --- /dev/null +++ b/lib/web/imageRouter/filesystem.js 
@@ -0,0 +1,18 @@
+'use strict'
+const url = require('url')
+
+const config = require('../../config')
+
+exports.uploadImage = function (imagePath, callback) {
+ if (!imagePath || typeof imagePath !== 'string') {
+ callback(new Error('Image path is missing or wrong'), null)
+ return
+ }
+
+ if (!callback || typeof callback !== 'function') {
+ callback(new Error('Callback has to be a function'), null)
+ return
+ }
+
+ callback(null, url.resolve(config.serverurl + '/', imagePath.match(/^public\/(.+$)/)[1]))
+}
diff --git a/lib/web/imageRouter/imgur.js b/lib/web/imageRouter/imgur.js
new file mode 100644
index 00000000..31d5f55c
--- /dev/null
+++ b/lib/web/imageRouter/imgur.js
@@ -0,0 +1,28 @@
+'use strict'
+const config = require('../../config')
+const logger = require('../../logger')
+
+const imgur = require('imgur')
+
+exports.uploadImage = function (imagePath, callback) {
+ if (!imagePath || typeof imagePath !== 'string') {
+ callback(new Error('Image path is missing or wrong'), null)
+ return
+ }
+
+ if (!callback || typeof callback !== 'function') {
+ callback(new Error('Callback has to be a function'), null)
+ return
+ }
+
+ imgur.setClientId(config.imgur.clientID)
+ imgur.uploadFile(imagePath)
+ .then(function (json) {
+ if (config.debug) {
+ logger.info('SERVER uploadimage success: ' + JSON.stringify(json))
+ }
+ callback(null, json.data.link.replace(/^http:\/\//i, 'https://'))
+ }).catch(function (err) {
+ callback(new Error(err), null)
+ })
+}
diff --git a/lib/web/imageRouter/index.js b/lib/web/imageRouter/index.js
new file mode 100644
index 00000000..59f19253
--- /dev/null
+++ b/lib/web/imageRouter/index.js
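Review bot: The second guard in filesystem.js `uploadImage` can never do its job: when `callback` is not a function it reports that by calling `callback(...)`, which throws a TypeError, and the first guard has already called `callback` before this check runs. The same pair of guards is repeated in imgur.js, minio.js and s3.js; in each the callback test should come first and throw. In this file `imagePath.match(/^public\/(.+$)/)[1]` also throws when the path does not start with `public/` (for instance with a different path separator). The router that replaces lib/web/imageRouter.js no longer wraps the provider call in `try`/`catch`, so that exception would not become a 500 response.

```javascript
exports.uploadImage = function (imagePath, callback) {
  // A caller that passes no callback is a programming error; there is nobody to report it to.
  if (typeof callback !== 'function') {
    throw new TypeError('Callback has to be a function')
  }

  // … unchanged: imagePath guard …

  // Only paths below public/ map to a URL; report anything else instead of dereferencing null.
  const relative = imagePath.match(/^public\/(.+$)/)
  if (!relative) {
    callback(new Error('Image path is outside the public directory'), null)
    return
  }

  callback(null, url.resolve(config.serverurl + '/', relative[1]))
}
```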
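Review bot: In imgur.js the success and error handlers are chained as `.then(...).catch(...)`, so an exception thrown by `callback` itself on the success path (for example while the response is being written) lands in the `.catch` and invokes `callback` a second time with an error. Passing the rejection handler as the second argument of `.then`, `.then(function (json) { ... }, function (err) { ... })`, limits it to upload failures. `new Error(err)` stringifies whatever the imgur client rejected with and drops its stack and fields; `callback(err instanceof Error ? err : new Error(String(err)), null)` preserves them.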
@@ -0,0 +1,42 @@
+'use strict'
+
+const Router = require('express').Router
+const formidable = require('formidable')
+
+const config = require('../../config')
+const logger = require('../../logger')
+const response = require('../../response')
+
+const imageRouter = module.exports = Router()
+
+// upload image
+imageRouter.post('/uploadimage', function (req, res) {
+ var form = new formidable.IncomingForm()
+
+ form.keepExtensions = true
+
+ if (config.imageuploadtype === 'filesystem') {
+ form.uploadDir = 'public/uploads'
+ }
+
+ form.parse(req, function (err, fields, files) {
+ if (err || !files.image || !files.image.path) {
+ response.errorForbidden(res)
+ } else {
+ if (config.debug) {
+ logger.info('SERVER received uploadimage: ' + JSON.stringify(files.image))
+ }
+
+ const uploadProvider = require('./' + config.imageuploadtype)
+ uploadProvider.uploadImage(files.image.path, function (err, url) {
+ if (err !== null) {
+ logger.error(err)
+ return res.status(500).end('upload image error')
+ }
+ res.send({
+ link: url
+ })
+ })
+ }
+ })
+})
diff --git a/lib/web/imageRouter/minio.js b/lib/web/imageRouter/minio.js
new file mode 100644
index 00000000..099cb926
--- /dev/null
+++ b/lib/web/imageRouter/minio.js
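Review bot: The upload handler in imageRouter/index.js hands `files.image.path` to the provider without checking what was uploaded: `form.keepExtensions = true` keeps the extension the client chose, and for the `filesystem` type the file is already written under `public/uploads` by the time the callback runs. No size limit, MIME type or extension check is visible in this hunk, so unless one is applied elsewhere a non-image file would be stored and linked like an image. If `public/` is served from the application's own origin, that includes active content such as HTML or SVG. I would reject the upload and remove the temporary file when the detected type is not among the image MIME types that lib/config/index.js appears to work out per provider, before calling `uploadProvider.uploadImage`. The module path `'./' + config.imageuploadtype` is safe only because the config loader restricts the value to four names; a comment on that line should say so.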
@@ -0,0 +1,45 @@
+'use strict'
+const fs = require('fs')
+const path = require('path')
+
+const config = require('../../config')
+const {getImageMimeType} = require('../../utils')
+
+const Minio = require('minio')
+const minioClient = new Minio.Client({
+ endPoint: config.minio.endPoint,
+ port: config.minio.port,
+ secure: config.minio.secure,
+ accessKey: config.minio.accessKey,
+ secretKey: config.minio.secretKey
+})
+
+exports.uploadImage = function (imagePath, callback) {
+ if (!imagePath || typeof imagePath !== 'string') {
+ callback(new Error('Image path is missing or wrong'), null)
+ return
+ }
+
+ if (!callback || typeof callback !== 'function') {
+ callback(new Error('Callback has to be a function'), null)
+ return
+ }
+
+ fs.readFile(imagePath, function (err, buffer) {
+ if (err) {
+ callback(new Error(err), null)
+ return
+ }
+
+ let key = path.join('uploads', path.basename(imagePath))
+ let protocol = config.minio.secure ? 'https' : 'http'
+
+ minioClient.putObject(config.s3bucket, key, buffer, buffer.size, getImageMimeType(imagePath), function (err, data) {
+ if (err) {
+ callback(new Error(err), null)
+ return
+ }
+ callback(null, `${protocol}://${config.minio.endPoint}:${config.minio.port}/${config.s3bucket}/${key}`)
+ })
+ })
+}
diff --git a/lib/web/imageRouter/s3.js b/lib/web/imageRouter/s3.js
new file mode 100644
index 00000000..bcd3ea60
--- /dev/null
+++ b/lib/web/imageRouter/s3.js
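Review bot: `buffer.size` in the `minioClient.putObject` call in minio.js is always `undefined`, because a Node.js `Buffer` exposes its byte count as `length`, not `size`; the line was carried over from the deleted router. The fourth argument should be `buffer.length`. The object key is built with `path.join`, which uses the platform separator, although the key ends up in a URL; `path.posix.join('uploads', path.basename(imagePath))` keeps it stable. The client is now constructed when the module is first required rather than per upload, which deserves a one-line comment above `minioClient`.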
@@ -0,0 +1,50 @@
+'use strict'
+const fs = require('fs')
+const path = require('path')
+
+const config = require('../../config')
+const {getImageMimeType} = require('../../utils')
+
+const AWS = require('aws-sdk')
+const awsConfig = new AWS.Config(config.s3)
+const s3 = new AWS.S3(awsConfig)
+
+exports.uploadImage = function (imagePath, callback) {
+ if (!imagePath || typeof imagePath !== 'string') {
+ callback(new Error('Image path is missing or wrong'), null)
+ return
+ }
+
+ if (!callback || typeof callback !== 'function') {
+ callback(new Error('Callback has to be a function'), null)
+ return
+ }
+
+ fs.readFile(imagePath, function (err, buffer) {
+ if (err) {
+ callback(new Error(err), null)
+ return
+ }
+ let params = {
+ Bucket: config.s3bucket,
+ Key: path.join('uploads', path.basename(imagePath)),
+ Body: buffer
+ }
+
+ const mimeType = getImageMimeType(imagePath)
+ if (mimeType) { params.ContentType = mimeType }
+
+ s3.putObject(params, function (err, data) {
+ if (err) {
+ callback(new Error(err), null)
+ return
+ }
+
+ let s3Endpoint = 's3.amazonaws.com'
+ if (config.s3.region && config.s3.region !== 'us-east-1') {
+ s3Endpoint = `s3-${config.s3.region}.amazonaws.com`
+ }
+ callback(null, `https://${s3Endpoint}/${config.s3bucket}/${params.Key}`)
+ })
+ })
+}
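Review bot: After `s3.putObject` succeeds nothing in s3.js removes the local file at `imagePath`, and neither this hunk nor the new router does so on failure, so every upload through the s3 provider (and likewise minio.js and imgur.js) appears to leave its temporary copy on disk. Unless a cleanup exists outside this diff, I would call `fs.unlink(imagePath, ...)` in both the error and the success branch before invoking `callback`. Wrapping with `new Error(err)` in the two error branches turns the SDK error into a string and loses its `code`, which makes the logged failure harder to diagnose; passing `err` through unchanged is enough.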