sa6anw/hedgedoc-hedgeagent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #213 from davidmehren/refactor_backend_notes

Browse Source 
First steps in refactoring the backend code
This commit is contained in:
Sheogorath
2019-11-20 20:07:35 +01:00
committed by GitHub
parent f894d3c2fa b5ccceff59
commit 689f5a0a95
19 changed files with 564 additions and 581 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
lib/web/auth/email/index.js
View File

@@ -9,7 +9,7 @@ const models = require('../../../models')
const logger = require('../../../logger')
const { setReturnToFromReferer } = require('../utils')
const { urlencodedParser } = require('../../utils')
const response = require('../../../response')
const errors = require('../../../errors')
let emailAuth = module.exports = Router()
@@ -39,8 +39,8 @@ passport.use(new LocalStrategy({
if (config.allowEmailRegister) {
emailAuth.post('/register', urlencodedParser, function (req, res, next) {
if (!req.body.email || !req.body.password) return response.errorBadRequest(res)
if (!validator.isEmail(req.body.email)) return response.errorBadRequest(res)
if (!req.body.email || !req.body.password) return errors.errorBadRequest(res)
if (!validator.isEmail(req.body.email)) return errors.errorBadRequest(res)
models.User.findOrCreate({
where: {
email: req.body.email
@@ -63,14 +63,14 @@ if (config.allowEmailRegister) {
return res.redirect(config.serverURL + '/')
}).catch(function (err) {
logger.error('auth callback failed: ' + err)
return response.errorInternalError(res)
return errors.errorInternalError(res)
})
})
}
emailAuth.post('/login', urlencodedParser, function (req, res, next) {
if (!req.body.email || !req.body.password) return response.errorBadRequest(res)
if (!validator.isEmail(req.body.email)) return response.errorBadRequest(res)
if (!req.body.email || !req.body.password) return errors.errorBadRequest(res)
if (!validator.isEmail(req.body.email)) return errors.errorBadRequest(res)
setReturnToFromReferer(req)
passport.authenticate('local', {
successReturnToOrRedirect: config.serverURL + '/',

4
lib/web/auth/ldap/index.js
View File

@@ -8,7 +8,7 @@ const models = require('../../../models')
const logger = require('../../../logger')
const { setReturnToFromReferer } = require('../utils')
const { urlencodedParser } = require('../../utils')
const response = require('../../../response')
const errors = require('../../../errors')
let ldapAuth = module.exports = Router()
@@ -81,7 +81,7 @@ passport.use(new LDAPStrategy({
}))
ldapAuth.post('/auth/ldap', urlencodedParser, function (req, res, next) {
if (!req.body.username || !req.body.password) return response.errorBadRequest(res)
if (!req.body.username || !req.body.password) return errors.errorBadRequest(res)
setReturnToFromReferer(req)
passport.authenticate('ldapauth', {
successReturnToOrRedirect: config.serverURL + '/',

8
lib/web/baseRouter.js
View File

@@ -6,17 +6,19 @@ const response = require('../response')
const baseRouter = module.exports = Router()
const errors = require('../errors')
// get index
baseRouter.get('/', response.showIndex)
// get 403 forbidden
baseRouter.get('/403', function (req, res) {
response.errorForbidden(res)
errors.errorForbidden(res)
})
// get 404 not found
baseRouter.get('/404', function (req, res) {
response.errorNotFound(res)
errors.errorNotFound(res)
})
// get 500 internal error
baseRouter.get('/500', function (req, res) {
response.errorInternalError(res)
errors.errorInternalError(res)
})

4
lib/web/imageRouter/index.js
View File

@@ -5,7 +5,7 @@ const formidable = require('formidable')
const config = require('../../config')
const logger = require('../../logger')
const response = require('../../response')
const errors = require('../../errors')
const imageRouter = module.exports = Router()
@@ -22,7 +22,7 @@ imageRouter.post('/uploadimage', function (req, res) {
form.parse(req, function (err, fields, files) {
if (err || !files.image || !files.image.path) {
logger.error(`formidable error: ${err}`)
response.errorForbidden(res)
errors.errorForbidden(res)
} else {
logger.debug(`SERVER received uploadimage: ${JSON.stringify(files.image)}`)

4
lib/web/middleware/checkURIValid.js
View File

@@ -1,14 +1,14 @@
'use strict'
const logger = require('../../logger')
const response = require('../../response')
const errors = require('../../errors')
module.exports = function (req, res, next) {
try {
decodeURIComponent(req.path)
} catch (err) {
logger.error(err)
return response.errorBadRequest(res)
return errors.errorBadRequest(res)
}
next()
}

4
lib/web/middleware/tooBusy.js
View File

@@ -2,14 +2,14 @@
const toobusy = require('toobusy-js')
const response = require('../../response')
const errors = require('../../errors')
const config = require('../../config')
toobusy.maxLag(config.tooBusyLag)
module.exports = function (req, res, next) {
if (toobusy()) {
response.errorServiceUnavailable(res)
errors.errorServiceUnavailable(res)
} else {
next()
}

122
lib/web/note/actions.js Normal file
View File

@@ -0,0 +1,122 @@
const models = require('../../models')
const logger = require('../../logger')
const config = require('../../config')
const errors = require('../../errors')
const fs = require('fs')
const shortId = require('shortid')
const markdownpdf = require('markdown-pdf')
const moment = require('moment')
const querystring = require('querystring')
exports.getInfo = function getInfo (req, res, note) {
const body = note.content
const extracted = models.Note.extractMeta(body)
const markdown = extracted.markdown
const meta = models.Note.parseMeta(extracted.meta)
const createtime = note.createdAt
const updatetime = note.lastchangeAt
const title = models.Note.decodeTitle(note.title)
const data = {
title: meta.title || title,
description: meta.description || (markdown ? models.Note.generateDescription(markdown) : null),
viewcount: note.viewcount,
createtime: createtime,
updatetime: updatetime
}
res.set({
'Access-Control-Allow-Origin': '*', // allow CORS as API
'Access-Control-Allow-Headers': 'Range',
'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range',
'Cache-Control': 'private', // only cache by client
'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
})
res.send(data)
}
exports.createPDF = function createPDF (req, res, note) {
const url = config.serverURL || 'http://' + req.get('host')
const body = note.content
const extracted = models.Note.extractMeta(body)
let content = extracted.markdown
const title = models.Note.decodeTitle(note.title)
if (!fs.existsSync(config.tmpPath)) {
fs.mkdirSync(config.tmpPath)
}
const path = config.tmpPath + '/' + Date.now() + '.pdf'
content = content.replace(/\]\(\//g, '](' + url + '/')
markdownpdf().from.string(content).to(path, function () {
if (!fs.existsSync(path)) {
logger.error('PDF seems to not be generated as expected. File doesn\'t exist: ' + path)
return errors.errorInternalError(res)
}
const stream = fs.createReadStream(path)
let filename = title
// Be careful of special characters
filename = encodeURIComponent(filename)
// Ideally this should strip them
res.setHeader('Content-disposition', 'attachment; filename="' + filename + '.pdf"')
res.setHeader('Cache-Control', 'private')
res.setHeader('Content-Type', 'application/pdf; charset=UTF-8')
res.setHeader('X-Robots-Tag', 'noindex, nofollow') // prevent crawling
stream.pipe(res)
fs.unlinkSync(path)
})
}
exports.createGist = function createGist (req, res, note) {
const data = {
client_id: config.github.clientID,
redirect_uri: config.serverURL + '/auth/github/callback/' + models.Note.encodeNoteId(note.id) + '/gist',
scope: 'gist',
state: shortId.generate()
}
const query = querystring.stringify(data)
res.redirect('https://github.com/login/oauth/authorize?' + query)
}
exports.getRevision = function getRevision (req, res, note) {
const actionId = req.params.actionId
if (actionId) {
const time = moment(parseInt(actionId))
if (time.isValid()) {
models.Revision.getPatchedNoteRevisionByTime(note, time, function (err, content) {
if (err) {
logger.error(err)
return errors.errorInternalError(res)
}
if (!content) {
return errors.errorNotFound(res)
}
res.set({
'Access-Control-Allow-Origin': '*', // allow CORS as API
'Access-Control-Allow-Headers': 'Range',
'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range',
'Cache-Control': 'private', // only cache by client
'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
})
res.send(content)
})
} else {
return errors.errorNotFound(res)
}
} else {
models.Revision.getNoteRevisions(note, function (err, data) {
if (err) {
logger.error(err)
return errors.errorInternalError(res)
}
const out = {
revision: data
}
res.set({
'Access-Control-Allow-Origin': '*', // allow CORS as API
'Access-Control-Allow-Headers': 'Range',
'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range',
'Cache-Control': 'private', // only cache by client
'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
})
res.send(out)
})
}
}

147
lib/web/note/controller.js Normal file
View File

@@ -0,0 +1,147 @@
'use strict'
const models = require('../../models')
const logger = require('../../logger')
const config = require('../../config')
const errors = require('../../errors')
const noteUtil = require('./util')
const noteActions = require('./actions')
exports.publishNoteActions = function (req, res, next) {
noteUtil.findNote(req, res, function (note) {
const action = req.params.action
switch (action) {
case 'download':
exports.downloadMarkdown(req, res, note)
break
case 'edit':
res.redirect(config.serverURL + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)) + '?both')
break
default:
res.redirect(config.serverURL + '/s/' + note.shortid)
break
}
})
}
exports.showPublishNote = function (req, res, next) {
const include = [{
model: models.User,
as: 'owner'
}, {
model: models.User,
as: 'lastchangeuser'
}]
noteUtil.findNote(req, res, function (note) {
// force to use short id
const shortid = req.params.shortid
if ((note.alias && shortid !== note.alias) || (!note.alias && shortid !== note.shortid)) {
return res.redirect(config.serverURL + '/s/' + (note.alias || note.shortid))
}
note.increment('viewcount').then(function (note) {
if (!note) {
return errors.errorNotFound(res)
}
noteUtil.getPublishData(req, res, note, (data) => {
res.set({
'Cache-Control': 'private' // only cache by client
})
return res.render('pretty.ejs', data)
})
}).catch(function (err) {
logger.error(err)
return errors.errorInternalError(res)
})
}, include)
}
exports.showNote = function (req, res, next) {
noteUtil.findNote(req, res, function (note) {
// force to use note id
const noteId = req.params.noteId
const id = models.Note.encodeNoteId(note.id)
if ((note.alias && noteId !== note.alias) || (!note.alias && noteId !== id)) {
return res.redirect(config.serverURL + '/' + (note.alias || id))
}
const body = note.content
const extracted = models.Note.extractMeta(body)
const meta = models.Note.parseMeta(extracted.meta)
let title = models.Note.decodeTitle(note.title)
title = models.Note.generateWebTitle(meta.title || title)
const opengraph = models.Note.parseOpengraph(meta, title)
res.set({
'Cache-Control': 'private', // only cache by client
'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
})
return res.render('codimd.ejs', {
title: title,
opengraph: opengraph
})
})
}
exports.createFromPOST = function (req, res, next) {
let body = ''
if (req.body && req.body.length > config.documentMaxLength) {
return errors.errorTooLong(res)
} else if (req.body) {
body = req.body
}
body = body.replace(/[\r]/g, '')
return noteUtil.newNote(req, res, body)
}
exports.doAction = function (req, res, next) {
const noteId = req.params.noteId
noteUtil.findNote(req, res, function (note) {
const action = req.params.action
switch (action) {
case 'publish':
case 'pretty': // pretty deprecated
res.redirect(config.serverURL + '/s/' + (note.alias || note.shortid))
break
case 'slide':
res.redirect(config.serverURL + '/p/' + (note.alias || note.shortid))
break
case 'download':
exports.downloadMarkdown(req, res, note)
break
case 'info':
noteActions.getInfo(req, res, note)
break
case 'pdf':
if (config.allowPDFExport) {
noteActions.createPDF(req, res, note)
} else {
logger.error('PDF export failed: Disabled by config. Set "allowPDFExport: true" to enable. Check the documentation for details')
errors.errorForbidden(res)
}
break
case 'gist':
noteActions.createGist(req, res, note)
break
case 'revision':
noteActions.getRevision(req, res, note)
break
default:
return res.redirect(config.serverURL + '/' + noteId)
}
})
}
exports.downloadMarkdown = function (req, res, note) {
const body = note.content
let filename = models.Note.decodeTitle(note.title)
filename = encodeURIComponent(filename)
res.set({
'Access-Control-Allow-Origin': '*', // allow CORS as API
'Access-Control-Allow-Headers': 'Range',
'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range',
'Content-Type': 'text/markdown; charset=UTF-8',
'Cache-Control': 'private',
'Content-disposition': 'attachment; filename=' + filename + '.md',
'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
})
res.send(body)
}

30
lib/web/note/router.js Normal file
View File

@@ -0,0 +1,30 @@
'use strict'
const Router = require('express').Router
const { markdownParser } = require('../utils')
const router = module.exports = Router()
const noteController = require('./controller')
const slide = require('./slide')
// get new note
router.get('/new', noteController.createFromPOST)
// post new note with content
router.post('/new', markdownParser, noteController.createFromPOST)
// post new note with content and alias
router.post('/new/:noteId', markdownParser, noteController.createFromPOST)
// get publish note
router.get('/s/:shortid', noteController.showPublishNote)
// publish note actions
router.get('/s/:shortid/:action', noteController.publishNoteActions)
// get publish slide
router.get('/p/:shortid', slide.showPublishSlide)
// publish slide actions
router.get('/p/:shortid/:action', slide.publishSlideActions)
// get note by id
router.get('/:noteId', noteController.showNote)
// note actions
router.get('/:noteId/:action', noteController.doAction)
// note actions with action id
router.get('/:noteId/:action/:actionId', noteController.doAction)

45
lib/web/note/slide.js Normal file
View File

@@ -0,0 +1,45 @@
const noteUtil = require('./util')
const models = require('../../models')
const errors = require('../../errors')
const logger = require('../../logger')
const config = require('../../config')
exports.publishSlideActions = function (req, res, next) {
noteUtil.findNote(req, res, function (note) {
const action = req.params.action
if (action === 'edit') {
res.redirect(config.serverURL + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)) + '?both')
} else { res.redirect(config.serverURL + '/p/' + note.shortid) }
})
}
exports.showPublishSlide = function (req, res, next) {
const include = [{
model: models.User,
as: 'owner'
}, {
model: models.User,
as: 'lastchangeuser'
}]
noteUtil.findNote(req, res, function (note) {
// force to use short id
const shortid = req.params.shortid
if ((note.alias && shortid !== note.alias) || (!note.alias && shortid !== note.shortid)) {
return res.redirect(config.serverURL + '/p/' + (note.alias || note.shortid))
}
note.increment('viewcount').then(function (note) {
if (!note) {
return errors.errorNotFound(res)
}
noteUtil.getPublishData(req, res, note, (data) => {
res.set({
'Cache-Control': 'private' // only cache by client
})
return res.render('slide.ejs', data)
})
}).catch(function (err) {
logger.error(err)
return errors.errorInternalError(res)
})
}, include)
}

109
lib/web/note/util.js Normal file
View File

@@ -0,0 +1,109 @@
const models = require('../../models')
const logger = require('../../logger')
const config = require('../../config')
const errors = require('../../errors')
const fs = require('fs')
const path = require('path')
exports.findNote = function (req, res, callback, include) {
const id = req.params.noteId || req.params.shortid
models.Note.parseNoteId(id, function (err, _id) {
if (err) {
logger.error(err)
return errors.errorInternalError(res)
}
models.Note.findOne({
where: {
id: _id
},
include: include || null
}).then(function (note) {
if (!note) {
return exports.newNote(req, res, null)
}
if (!exports.checkViewPermission(req, note)) {
return errors.errorForbidden(res)
} else {
return callback(note)
}
}).catch(function (err) {
logger.error(err)
return errors.errorInternalError(res)
})
})
}
exports.checkViewPermission = function (req, note) {
if (note.permission === 'private') {
return !(!req.isAuthenticated() || note.ownerId !== req.user.id)
} else if (note.permission === 'limited' || note.permission === 'protected') {
return req.isAuthenticated()
} else {
return true
}
}
exports.newNote = function (req, res, body) {
let owner = null
const noteId = req.params.noteId ? req.params.noteId : null
if (req.isAuthenticated()) {
owner = req.user.id
} else if (!config.allowAnonymous) {
return errors.errorForbidden(res)
}
if (config.allowFreeURL && noteId && !config.forbiddenNoteIDs.includes(noteId)) {
req.alias = noteId
} else if (noteId) {
return req.method === 'POST' ? errors.errorForbidden(res) : errors.errorNotFound(res)
}
models.Note.create({
ownerId: owner,
alias: req.alias ? req.alias : null,
content: body
}).then(function (note) {
return res.redirect(config.serverURL + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)))
}).catch(function (err) {
logger.error(err)
return errors.errorInternalError(res)
})
}
exports.getPublishData = function (req, res, note, callback) {
const body = note.content
const extracted = models.Note.extractMeta(body)
const markdown = extracted.markdown
const meta = models.Note.parseMeta(extracted.meta)
const createtime = note.createdAt
const updatetime = note.lastchangeAt
let title = models.Note.decodeTitle(note.title)
title = models.Note.generateWebTitle(meta.title || title)
const ogdata = models.Note.parseOpengraph(meta, title)
const data = {
title: title,
description: meta.description || (markdown ? models.Note.generateDescription(markdown) : null),
viewcount: note.viewcount,
createtime: createtime,
updatetime: updatetime,
body: markdown,
theme: meta.slideOptions && isRevealTheme(meta.slideOptions.theme),
meta: JSON.stringify(extracted.meta),
owner: note.owner ? note.owner.id : null,
ownerprofile: note.owner ? models.User.getProfile(note.owner) : null,
lastchangeuser: note.lastchangeuser ? note.lastchangeuser.id : null,
lastchangeuserprofile: note.lastchangeuser ? models.User.getProfile(note.lastchangeuser) : null,
robots: meta.robots || false, // default allow robots
GA: meta.GA,
disqus: meta.disqus,
cspNonce: res.locals.nonce,
dnt: req.headers.dnt,
opengraph: ogdata
}
callback(data)
}
function isRevealTheme (theme) {
if (fs.existsSync(path.join(__dirname, '..', 'public', 'build', 'reveal.js', 'css', 'theme', theme + '.css'))) {
return theme
}
return undefined
}

30
lib/web/noteRouter.js
View File

@@ -1,30 +0,0 @@
'use strict'
const Router = require('express').Router
const response = require('../response')
const { markdownParser } = require('./utils')
const noteRouter = module.exports = Router()
// get new note
noteRouter.get('/new', response.postNote)
// post new note with content
noteRouter.post('/new', markdownParser, response.postNote)
// post new note with content and alias
noteRouter.post('/new/:noteId', markdownParser, response.postNote)
// get publish note
noteRouter.get('/s/:shortid', response.showPublishNote)
// publish note actions
noteRouter.get('/s/:shortid/:action', response.publishNoteActions)
// get publish slide
noteRouter.get('/p/:shortid', response.showPublishSlide)
// publish slide actions
noteRouter.get('/p/:shortid/:action', response.publishSlideActions)
// get note by id
noteRouter.get('/:noteId', response.showNote)
// note actions
noteRouter.get('/:noteId/:action', response.noteActions)
// note actions with action id
noteRouter.get('/:noteId/:action/:actionId', response.noteActions)

18
lib/web/statusRouter.js
View File

@@ -2,7 +2,7 @@
const Router = require('express').Router
const response = require('../response')
const errors = require('../errors')
const realtime = require('../realtime')
const config = require('../config')
const models = require('../models')
@@ -27,11 +27,11 @@ statusRouter.get('/status', function (req, res, next) {
statusRouter.get('/temp', function (req, res) {
var host = req.get('host')
if (config.allowOrigin.indexOf(host) === -1) {
response.errorForbidden(res)
errors.errorForbidden(res)
} else {
var tempid = req.query.tempid
if (!tempid) {
response.errorForbidden(res)
errors.errorForbidden(res)
} else {
models.Temp.findOne({
where: {
@@ -39,7 +39,7 @@ statusRouter.get('/temp', function (req, res) {
}
}).then(function (temp) {
if (!temp) {
response.errorNotFound(res)
errors.errorNotFound(res)
} else {
res.header('Access-Control-Allow-Origin', '*')
res.send({
@@ -53,7 +53,7 @@ statusRouter.get('/temp', function (req, res) {
}
}).catch(function (err) {
logger.error(err)
return response.errorInternalError(res)
return errors.errorInternalError(res)
})
}
}
@@ -62,11 +62,11 @@ statusRouter.get('/temp', function (req, res) {
statusRouter.post('/temp', urlencodedParser, function (req, res) {
var host = req.get('host')
if (config.allowOrigin.indexOf(host) === -1) {
response.errorForbidden(res)
errors.errorForbidden(res)
} else {
var data = req.body.data
if (!data) {
response.errorForbidden(res)
errors.errorForbidden(res)
} else {
logger.debug(`SERVER received temp from [${host}]: ${req.body.data}`)
models.Temp.create({
@@ -79,11 +79,11 @@ statusRouter.post('/temp', urlencodedParser, function (req, res) {
id: temp.id
})
} else {
response.errorInternalError(res)
errors.errorInternalError(res)
}
}).catch(function (err) {
logger.error(err)
return response.errorInternalError(res)
return errors.errorInternalError(res)
})
}
}

22
lib/web/userRouter.js
View File

@@ -4,7 +4,7 @@ const archiver = require('archiver')
const async = require('async')
const Router = require('express').Router
const response = require('../response')
const errors = require('../errors')
const config = require('../config')
const models = require('../models')
const logger = require('../logger')
@@ -20,7 +20,7 @@ UserRouter.get('/me', function (req, res) {
id: req.user.id
}
}).then(function (user) {
if (!user) { return response.errorNotFound(res) }
if (!user) { return errors.errorNotFound(res) }
var profile = models.User.getProfile(user)
res.send({
status: 'ok',
@@ -30,7 +30,7 @@ UserRouter.get('/me', function (req, res) {
})
}).catch(function (err) {
logger.error('read me failed: ' + err)
return response.errorInternalError(res)
return errors.errorInternalError(res)
})
} else {
res.send({
@@ -48,21 +48,21 @@ UserRouter.get('/me/delete/:token?', function (req, res) {
}
}).then(function (user) {
if (!user) {
return response.errorNotFound(res)
return errors.errorNotFound(res)
}
if (user.deleteToken === req.params.token) {
user.destroy().then(function () {
res.redirect(config.serverURL + '/')
})
} else {
return response.errorForbidden(res)
return errors.errorForbidden(res)
}
}).catch(function (err) {
logger.error('delete user failed: ' + err)
return response.errorInternalError(res)
return errors.errorInternalError(res)
})
} else {
return response.errorForbidden(res)
return errors.errorForbidden(res)
}
})
@@ -78,7 +78,7 @@ UserRouter.get('/me/export', function (req, res) {
archive.pipe(res)
archive.on('error', function (err) {
logger.error('export user data failed: ' + err)
return response.errorInternalError(res)
return errors.errorInternalError(res)
})
models.User.findOne({
where: {
@@ -107,7 +107,7 @@ UserRouter.get('/me/export', function (req, res) {
callback(null, null)
}, function (err) {
if (err) {
return response.errorInternalError(res)
return errors.errorInternalError(res)
}
archive.finalize()
@@ -115,10 +115,10 @@ UserRouter.get('/me/export', function (req, res) {
})
}).catch(function (err) {
logger.error('export user data failed: ' + err)
return response.errorInternalError(res)
return errors.errorInternalError(res)
})
} else {
return response.errorForbidden(res)
return errors.errorForbidden(res)
}
})