From baa0418fb54fb8f158267f8e8b5f248232dc0a8f Mon Sep 17 00:00:00 2001 From: Max Wu Date: Mon, 26 Feb 2018 16:43:29 +0800 Subject: Remove and replace all note id compression in LZString with base64url Signed-off-by: Max Wu --- lib/models/note.js | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'lib/models/note.js') diff --git a/lib/models/note.js b/lib/models/note.js index 484f1a8c..e199a3db 100644 --- a/lib/models/note.js +++ b/lib/models/note.js @@ -3,6 +3,7 @@ var fs = require('fs') var path = require('path') var LZString = require('lz-string') +var base64url = require('base64url') var md = require('markdown-it')() var metaMarked = require('meta-marked') var cheerio = require('cheerio') @@ -114,6 +115,22 @@ module.exports = function (sequelize, DataTypes) { return false } }, + encodeNoteId: function (id) { + // remove dashes in UUID and encode in url-safe base64 + return base64url.encode(id.replace(/-/g, '')) + }, + decodeNoteId: function (encodedId) { + // decode from url-safe base64 + let id = base64url.decode(encodedId) + // add dashes between the UUID string parts + let idParts = [] + idParts.push(id.substr(0, 8)) + idParts.push(id.substr(8, 4)) + idParts.push(id.substr(12, 4)) + idParts.push(id.substr(16, 4)) + idParts.push(id.substr(20, 12)) + return idParts.join('-') + }, checkNoteIdValid: function (id) { var uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i var result = id.match(uuidRegex) @@ -190,6 +207,16 @@ module.exports = function (sequelize, DataTypes) { return _callback(err, null) }) }, + parseNoteIdByBase64Url: function (_callback) { + // try to parse note id by base64url + try { + var id = Note.decodeNoteId(noteId) + if (id && Note.checkNoteIdValid(id)) { return callback(null, id) } else { return _callback(null, null) } + } catch (err) { + return _callback(err, null) + } + }, + // parse note id by LZString is deprecated, here for compability parseNoteIdByLZString: function (_callback) { // try to parse note id by LZString Base64 try { -- cgit v1.2.3 From fe429e9ac17b73638835b2ec1c5033043c5f9942 Mon Sep 17 00:00:00 2001 From: Max Wu Date: Tue, 27 Feb 2018 20:57:31 +0800 Subject: Update to use buffer in encode/decode note id Signed-off-by: Max Wu --- lib/models/note.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'lib/models/note.js') diff --git a/lib/models/note.js b/lib/models/note.js index e199a3db..119d72c3 100644 --- a/lib/models/note.js +++ b/lib/models/note.js @@ -117,11 +117,13 @@ module.exports = function (sequelize, DataTypes) { }, encodeNoteId: function (id) { // remove dashes in UUID and encode in url-safe base64 - return base64url.encode(id.replace(/-/g, '')) + let str = id.replace(/-/g, '') + let hexStr = Buffer.from(str, 'hex') + return base64url.encode(hexStr) }, decodeNoteId: function (encodedId) { // decode from url-safe base64 - let id = base64url.decode(encodedId) + let id = base64url.toBuffer(encodedId).toString('hex') // add dashes between the UUID string parts let idParts = [] idParts.push(id.substr(0, 8)) -- cgit v1.2.3 From c7657ae81e23102cedd31543ee111d2736dc3b22 Mon Sep 17 00:00:00 2001 From: Max Wu Date: Sat, 10 Mar 2018 16:52:24 +0800 Subject: Fix parseNoteId order to fix some edge case that LZString note url could be parsed by base64url note url and thus return wrong note id Signed-off-by: Max Wu --- lib/models/note.js | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'lib/models/note.js') diff --git a/lib/models/note.js b/lib/models/note.js index 119d72c3..dc4d187b 100644 --- a/lib/models/note.js +++ b/lib/models/note.js @@ -209,20 +209,20 @@ module.exports = function (sequelize, DataTypes) { return _callback(err, null) }) }, - parseNoteIdByBase64Url: function (_callback) { - // try to parse note id by base64url + // parse note id by LZString is deprecated, here for compability + parseNoteIdByLZString: function (_callback) { + // try to parse note id by LZString Base64 try { - var id = Note.decodeNoteId(noteId) + var id = LZString.decompressFromBase64(noteId) if (id && Note.checkNoteIdValid(id)) { return callback(null, id) } else { return _callback(null, null) } } catch (err) { return _callback(err, null) } }, - // parse note id by LZString is deprecated, here for compability - parseNoteIdByLZString: function (_callback) { - // try to parse note id by LZString Base64 + parseNoteIdByBase64Url: function (_callback) { + // try to parse note id by base64url try { - var id = LZString.decompressFromBase64(noteId) + var id = Note.decodeNoteId(noteId) if (id && Note.checkNoteIdValid(id)) { return callback(null, id) } else { return _callback(null, null) } } catch (err) { return _callback(err, null) -- cgit v1.2.3 From 5e975cbe690048e144fb6bd99c5b239a3e764445 Mon Sep 17 00:00:00 2001 From: Max Wu Date: Sun, 11 Mar 2018 02:52:24 +0800 Subject: Fix to log instead of throwing error on parse note id Signed-off-by: Max Wu --- lib/models/note.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'lib/models/note.js') diff --git a/lib/models/note.js b/lib/models/note.js index dc4d187b..d615bcf7 100644 --- a/lib/models/note.js +++ b/lib/models/note.js @@ -216,7 +216,8 @@ module.exports = function (sequelize, DataTypes) { var id = LZString.decompressFromBase64(noteId) if (id && Note.checkNoteIdValid(id)) { return callback(null, id) } else { return _callback(null, null) } } catch (err) { - return _callback(err, null) + logger.error(err) + return _callback(null, null) } }, parseNoteIdByBase64Url: function (_callback) { @@ -225,7 +226,8 @@ module.exports = function (sequelize, DataTypes) { var id = Note.decodeNoteId(noteId) if (id && Note.checkNoteIdValid(id)) { return callback(null, id) } else { return _callback(null, null) } } catch (err) { - return _callback(err, null) + logger.error(err) + return _callback(null, null) } }, parseNoteIdByShortId: function (_callback) { -- cgit v1.2.3