From f78540c3fbf109d6ccf2d92c5b1cf0148c88f722 Mon Sep 17 00:00:00 2001 From: David Mehren Date: Sun, 27 Oct 2019 13:51:53 +0100 Subject: Move note actions to their own file. Because of circular import problems, this commit also moves the error messages from response.js to errors.js Signed-off-by: David Mehren --- lib/web/note/actions.js | 187 ++++++++++++++++++++++++++++++++++++++++++++++++ lib/web/note/router.js | 32 +++++++++ lib/web/note/util.js | 67 +++++++++++++++++ 3 files changed, 286 insertions(+) create mode 100644 lib/web/note/actions.js create mode 100644 lib/web/note/router.js create mode 100644 lib/web/note/util.js (limited to 'lib/web/note') diff --git a/lib/web/note/actions.js b/lib/web/note/actions.js new file mode 100644 index 00000000..cfefc8d5 --- /dev/null +++ b/lib/web/note/actions.js @@ -0,0 +1,187 @@ +'use strict' + +const models = require('../../models') +const logger = require('../../logger') +const config = require('../../config') +const error = require('../../errors') +const fs = require('fs') +const shortId = require('shortid') +const markdownpdf = require('markdown-pdf') +const moment = require('moment') +const querystring = require('querystring') +const noteUtil = require('./util') + +exports.doAction = function (req, res, next) { + const noteId = req.params.noteId + noteUtil.findNote(req, res, function (note) { + const action = req.params.action + switch (action) { + case 'publish': + case 'pretty': // pretty deprecated + actionPublish(req, res, note) + break + case 'slide': + actionSlide(req, res, note) + break + case 'download': + exports.actionDownload(req, res, note) + break + case 'info': + actionInfo(req, res, note) + break + case 'pdf': + if (config.allowPDFExport) { + actionPDF(req, res, note) + } else { + logger.error('PDF export failed: Disabled by config. Set "allowPDFExport: true" to enable. Check the documentation for details') + error.errorForbidden(res) + } + break + case 'gist': + actionGist(req, res, note) + break + case 'revision': + actionRevision(req, res, note) + break + default: + return res.redirect(config.serverURL + '/' + noteId) + } + }) +} + +function actionPublish (req, res, note) { + res.redirect(config.serverURL + '/s/' + (note.alias || note.shortid)) +} + +function actionSlide (req, res, note) { + res.redirect(config.serverURL + '/p/' + (note.alias || note.shortid)) +} + +exports.actionDownload = function (req, res, note) { + const body = note.content + let filename = models.Note.decodeTitle(note.title) + filename = encodeURIComponent(filename) + res.set({ + 'Access-Control-Allow-Origin': '*', // allow CORS as API + 'Access-Control-Allow-Headers': 'Range', + 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range', + 'Content-Type': 'text/markdown; charset=UTF-8', + 'Cache-Control': 'private', + 'Content-disposition': 'attachment; filename=' + filename + '.md', + 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling + }) + res.send(body) +} + +function actionInfo (req, res, note) { + const body = note.content + const extracted = models.Note.extractMeta(body) + const markdown = extracted.markdown + const meta = models.Note.parseMeta(extracted.meta) + const createtime = note.createdAt + const updatetime = note.lastchangeAt + const title = models.Note.decodeTitle(note.title) + const data = { + title: meta.title || title, + description: meta.description || (markdown ? models.Note.generateDescription(markdown) : null), + viewcount: note.viewcount, + createtime: createtime, + updatetime: updatetime + } + res.set({ + 'Access-Control-Allow-Origin': '*', // allow CORS as API + 'Access-Control-Allow-Headers': 'Range', + 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range', + 'Cache-Control': 'private', // only cache by client + 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling + }) + res.send(data) +} + +function actionPDF (req, res, note) { + const url = config.serverURL || 'http://' + req.get('host') + const body = note.content + const extracted = models.Note.extractMeta(body) + let content = extracted.markdown + const title = models.Note.decodeTitle(note.title) + + if (!fs.existsSync(config.tmpPath)) { + fs.mkdirSync(config.tmpPath) + } + const path = config.tmpPath + '/' + Date.now() + '.pdf' + content = content.replace(/\]\(\//g, '](' + url + '/') + markdownpdf().from.string(content).to(path, function () { + if (!fs.existsSync(path)) { + logger.error('PDF seems to not be generated as expected. File doesn\'t exist: ' + path) + return error.errorInternalError(res) + } + const stream = fs.createReadStream(path) + let filename = title + // Be careful of special characters + filename = encodeURIComponent(filename) + // Ideally this should strip them + res.setHeader('Content-disposition', 'attachment; filename="' + filename + '.pdf"') + res.setHeader('Cache-Control', 'private') + res.setHeader('Content-Type', 'application/pdf; charset=UTF-8') + res.setHeader('X-Robots-Tag', 'noindex, nofollow') // prevent crawling + stream.pipe(res) + fs.unlinkSync(path) + }) +} + +function actionGist (req, res, note) { + const data = { + client_id: config.github.clientID, + redirect_uri: config.serverURL + '/auth/github/callback/' + models.Note.encodeNoteId(note.id) + '/gist', + scope: 'gist', + state: shortId.generate() + } + const query = querystring.stringify(data) + res.redirect('https://github.com/login/oauth/authorize?' + query) +} + +function actionRevision (req, res, note) { + const actionId = req.params.actionId + if (actionId) { + const time = moment(parseInt(actionId)) + if (time.isValid()) { + models.Revision.getPatchedNoteRevisionByTime(note, time, function (err, content) { + if (err) { + logger.error(err) + return error.errorInternalError(res) + } + if (!content) { + return error.errorNotFound(res) + } + res.set({ + 'Access-Control-Allow-Origin': '*', // allow CORS as API + 'Access-Control-Allow-Headers': 'Range', + 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range', + 'Cache-Control': 'private', // only cache by client + 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling + }) + res.send(content) + }) + } else { + return error.errorNotFound(res) + } + } else { + models.Revision.getNoteRevisions(note, function (err, data) { + if (err) { + logger.error(err) + return error.errorInternalError(res) + } + const out = { + revision: data + } + res.set({ + 'Access-Control-Allow-Origin': '*', // allow CORS as API + 'Access-Control-Allow-Headers': 'Range', + 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range', + 'Cache-Control': 'private', // only cache by client + 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling + }) + res.send(out) + }) + } +} diff --git a/lib/web/note/router.js b/lib/web/note/router.js new file mode 100644 index 00000000..e23b7f64 --- /dev/null +++ b/lib/web/note/router.js @@ -0,0 +1,32 @@ +'use strict' + +const Router = require('express').Router + +const response = require('../../response') + +const { markdownParser } = require('../utils') + +const router = module.exports = Router() + +const noteActions = require('./actions') + +// get new note +router.get('/new', response.postNote) +// post new note with content +router.post('/new', markdownParser, response.postNote) +// post new note with content and alias +router.post('/new/:noteId', markdownParser, response.postNote) +// get publish note +router.get('/s/:shortid', response.showPublishNote) +// publish note actions +router.get('/s/:shortid/:action', response.publishNoteActions) +// get publish slide +router.get('/p/:shortid', response.showPublishSlide) +// publish slide actions +router.get('/p/:shortid/:action', response.publishSlideActions) +// get note by id +router.get('/:noteId', response.showNote) +// note actions +router.get('/:noteId/:action', noteActions.doAction) +// note actions with action id +router.get('/:noteId/:action/:actionId', noteActions.doAction) diff --git a/lib/web/note/util.js b/lib/web/note/util.js new file mode 100644 index 00000000..bda74ac4 --- /dev/null +++ b/lib/web/note/util.js @@ -0,0 +1,67 @@ +const models = require('../../models') +const logger = require('../../logger') +const config = require('../../config') +const errors = require('../../errors') + +exports.findNote = function (req, res, callback, include) { + const id = req.params.noteId || req.params.shortid + models.Note.parseNoteId(id, function (err, _id) { + if (err) { + logger.error(err) + return errors.errorInternalError(res) + } + models.Note.findOne({ + where: { + id: _id + }, + include: include || null + }).then(function (note) { + if (!note) { + return exports.newNote(req, res, null) + } + if (!exports.checkViewPermission(req, note)) { + return errors.errorForbidden(res) + } else { + return callback(note) + } + }).catch(function (err) { + logger.error(err) + return errors.errorInternalError(res) + }) + }) +} + +exports.checkViewPermission = function (req, note) { + if (note.permission === 'private') { + return !(!req.isAuthenticated() || note.ownerId !== req.user.id) + } else if (note.permission === 'limited' || note.permission === 'protected') { + return req.isAuthenticated() + } else { + return true + } +} + +exports.newNote = function (req, res, body) { + let owner = null + const noteId = req.params.noteId ? req.params.noteId : null + if (req.isAuthenticated()) { + owner = req.user.id + } else if (!config.allowAnonymous) { + return errors.errorForbidden(res) + } + if (config.allowFreeURL && noteId && !config.forbiddenNoteIDs.includes(noteId)) { + req.alias = noteId + } else if (noteId) { + return req.method === 'POST' ? errors.errorForbidden(res) : errors.errorNotFound(res) + } + models.Note.create({ + ownerId: owner, + alias: req.alias ? req.alias : null, + content: body + }).then(function (note) { + return res.redirect(config.serverURL + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id))) + }).catch(function (err) { + logger.error(err) + return errors.errorInternalError(res) + }) +} -- cgit v1.2.3