mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-12 22:26:08 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added private permission and clean up codes, solved potential race condition in realtime.js

Browse source
This commit is contained in:
Wu Cheng-Han 2016-01-17 09:51:27 -06:00
parent 473212676a
commit 49c7dded45
6 changed files with 297 additions and 199 deletions
Download patch file Download diff file Expand all files Collapse all files

258
lib/response.js
View file

@ -90,21 +90,9 @@ function showIndex(req, res, next) {
}
function responseHackMD(res, noteId) {
if (noteId != config.featuresnotename) {
if (!Note.checkNoteIdValid(noteId)) {
responseError(res, "404", "Not Found", "oops.");
return;
}
noteId = LZString.decompressFromBase64(noteId);
if (!noteId) {
responseError(res, "404", "Not Found", "oops.");
return;
}
}
db.readFromDB(noteId, function (err, data) {
if (err) {
responseError(res, "404", "Not Found", "oops.");
return;
return response.errorNotFound(res);
}
var body = LZString.decompressFromBase64(data.rows[0].content);
var meta = null;
@ -144,14 +132,18 @@ function newNote(req, res, next) {
body = LZString.compressToBase64(body);
var owner = null;
if (req.isAuthenticated()) {
owner = req.session.passport.user;
owner = req.user._id;
}
db.newToDB(newId, owner, body, function (err, result) {
if (err) {
responseError(res, "500", "Internal Error", "wtf.");
return;
return response.errorInternalError(res);
}
res.redirect("/" + LZString.compressToBase64(newId));
Note.newNote(newId, owner, function(err, result) {
if (err) {
return response.errorInternalError(res);
}
res.redirect("/" + LZString.compressToBase64(newId));
});
});
}
@ -162,8 +154,7 @@ function showFeatures(req, res, next) {
body = LZString.compressToBase64(body);
db.newToDB(config.featuresnotename, null, body, function (err, result) {
if (err) {
responseError(res, "500", "Internal Error", "wtf.");
return;
return response.errorInternalError(res);
}
responseHackMD(res, config.featuresnotename);
});
@ -175,11 +166,32 @@ function showFeatures(req, res, next) {
function showNote(req, res, next) {
var noteId = req.params.noteId;
if (!Note.checkNoteIdValid(noteId)) {
responseError(res, "404", "Not Found", "oops.");
return;
if (noteId != config.featuresnotename) {
if (!Note.checkNoteIdValid(noteId)) {
return response.errorNotFound(res);
}
noteId = LZString.decompressFromBase64(noteId);
if (!noteId) {
return response.errorNotFound(res);
}
}
responseHackMD(res, noteId);
Note.findNote(noteId, function (err, note) {
if (err || !note) {
return response.errorNotFound(res);
}
db.readFromDB(note.id, function (err, data) {
if (err) {
return response.errorNotFound(res);
}
var notedata = data.rows[0];
//check view permission
if (note.permission == 'private') {
if (!req.isAuthenticated() || notedata.owner != req.user._id)
return response.errorForbidden(res);
}
responseHackMD(res, noteId);
});
});
}
function showPublishNote(req, res, next) {
@ -187,30 +199,33 @@ function showPublishNote(req, res, next) {
if (shortId.isValid(shortid)) {
Note.findNote(shortid, function (err, note) {
if (err || !note) {
responseError(res, "404", "Not Found", "oops.");
return;
return response.errorNotFound(res);
}
//increase note viewcount
Note.increaseViewCount(note, function (err, note) {
if (err || !note) {
responseError(res, "404", "Not Found", "oops.");
return;
db.readFromDB(note.id, function (err, data) {
if (err) {
return response.errorNotFound(res);
}
db.readFromDB(note.id, function (err, data) {
if (err) {
responseError(res, "404", "Not Found", "oops.");
return;
var notedata = data.rows[0];
//check view permission
if (note.permission == 'private') {
if (!req.isAuthenticated() || notedata.owner != req.user._id)
return response.errorForbidden(res);
}
//increase note viewcount
Note.increaseViewCount(note, function (err, note) {
if (err || !note) {
return response.errorNotFound(res);
}
var body = LZString.decompressFromBase64(data.rows[0].content);
var body = LZString.decompressFromBase64(notedata.content);
var meta = null;
try {
meta = metaMarked(body).meta;
} catch(err) {
//na
}
var updatetime = data.rows[0].update_time;
var updatetime = notedata.update_time;
var text = S(body).escapeHTML().s;
var title = data.rows[0].title;
var title = notedata.title;
var decodedTitle = LZString.decompressFromBase64(title);
if (decodedTitle) title = decodedTitle;
title = Note.generateWebTitle(title);
@ -247,7 +262,7 @@ function showPublishNote(req, res, next) {
});
});
} else {
responseError(res, "404", "Not Found", "oops.");
return response.errorNotFound(res);
}
}
@ -271,18 +286,12 @@ function renderPublish(data, res) {
function actionPublish(req, res, noteId) {
db.readFromDB(noteId, function (err, data) {
if (err) {
responseError(res, "404", "Not Found", "oops.");
return;
return response.errorNotFound(res);
}
var owner = data.rows[0].owner;
var permission = "freely";
if (owner && owner != "null") {
permission = "editable";
}
Note.findOrNewNote(noteId, permission, function (err, note) {
Note.findOrNewNote(noteId, owner, function (err, note) {
if (err) {
responseError(res, "404", "Not Found", "oops.");
return;
return response.errorNotFound(res);
}
res.redirect("/s/" + note.shortid);
});
@ -292,18 +301,12 @@ function actionPublish(req, res, noteId) {
function actionSlide(req, res, noteId) {
db.readFromDB(noteId, function (err, data) {
if (err) {
responseError(res, "404", "Not Found", "oops.");
return;
return response.errorNotFound(res);
}
var owner = data.rows[0].owner;
var permission = "freely";
if (owner && owner != "null") {
permission = "editable";
}
Note.findOrNewNote(noteId, permission, function (err, note) {
Note.findOrNewNote(noteId, owner, function (err, note) {
if (err) {
responseError(res, "404", "Not Found", "oops.");
return;
return response.errorNotFound(res);
}
res.redirect("/p/" + note.shortid);
});
@ -313,8 +316,7 @@ function actionSlide(req, res, noteId) {
function actionDownload(req, res, noteId) {
db.readFromDB(noteId, function (err, data) {
if (err) {
responseError(res, "404", "Not Found", "oops.");
return;
return response.errorNotFound(res);
}
var body = LZString.decompressFromBase64(data.rows[0].content);
var title = Note.getNoteTitle(body);
@ -331,8 +333,7 @@ function actionDownload(req, res, noteId) {
function actionPDF(req, res, noteId) {
db.readFromDB(noteId, function (err, data) {
if (err) {
responseError(res, "404", "Not Found", "oops.");
return;
return response.errorNotFound(res);
}
var body = LZString.decompressFromBase64(data.rows[0].content);
try {
@ -365,57 +366,81 @@ function noteActions(req, res, next) {
var noteId = req.params.noteId;
if (noteId != config.featuresnotename) {
if (!Note.checkNoteIdValid(noteId)) {
responseError(res, "404", "Not Found", "oops.");
return;
return response.errorNotFound(res);
}
noteId = LZString.decompressFromBase64(noteId);
if (!noteId) {
responseError(res, "404", "Not Found", "oops.");
return;
return response.errorNotFound(res);
}
}
var action = req.params.action;
switch (action) {
case "publish":
case "pretty": //pretty deprecated
actionPublish(req, res, noteId);
break;
case "slide":
actionSlide(req, res, noteId);
break;
case "download":
actionDownload(req, res, noteId);
break;
case "pdf":
actionPDF(req, res, noteId);
break;
default:
if (noteId != config.featuresnotename)
res.redirect('/' + LZString.compressToBase64(noteId));
else
res.redirect('/' + noteId);
break;
}
Note.findNote(noteId, function (err, note) {
if (err || !note) {
return response.errorNotFound(res);
}
db.readFromDB(note.id, function (err, data) {
if (err) {
return response.errorNotFound(res);
}
var notedata = data.rows[0];
//check view permission
if (note.permission == 'private') {
if (!req.isAuthenticated() || notedata.owner != req.user._id)
return response.errorForbidden(res);
}
var action = req.params.action;
switch (action) {
case "publish":
case "pretty": //pretty deprecated
actionPublish(req, res, noteId);
break;
case "slide":
actionSlide(req, res, noteId);
break;
case "download":
actionDownload(req, res, noteId);
break;
case "pdf":
actionPDF(req, res, noteId);
break;
default:
if (noteId != config.featuresnotename)
res.redirect('/' + LZString.compressToBase64(noteId));
else
res.redirect('/' + noteId);
break;
}
});
});
}
function publishNoteActions(req, res, next) {
var action = req.params.action;
switch (action) {
case "edit":
var shortid = req.params.shortid;
if (shortId.isValid(shortid)) {
Note.findNote(shortid, function (err, note) {
if (err || !note) {
responseError(res, "404", "Not Found", "oops.");
return;
var shortid = req.params.shortid;
if (shortId.isValid(shortid)) {
Note.findNote(shortid, function (err, note) {
if (err || !note) {
return response.errorNotFound(res);
}
db.readFromDB(note.id, function (err, data) {
if (err) {
return response.errorNotFound(res);
}
var notedata = data.rows[0];
//check view permission
if (note.permission == 'private') {
if (!req.isAuthenticated() || notedata.owner != req.user._id)
return response.errorForbidden(res);
}
var action = req.params.action;
switch (action) {
case "edit":
if (note.id != config.featuresnotename)
res.redirect('/' + LZString.compressToBase64(note.id));
else
res.redirect('/' + note.id);
break;
}
if (note.id != config.featuresnotename)
res.redirect('/' + LZString.compressToBase64(note.id));
else
res.redirect('/' + note.id);
});
}
break;
});
}
}
@ -424,27 +449,30 @@ function showPublishSlide(req, res, next) {
if (shortId.isValid(shortid)) {
Note.findNote(shortid, function (err, note) {
if (err || !note) {
responseError(res, "404", "Not Found", "oops.");
return;
return response.errorNotFound(res);
}
//increase note viewcount
Note.increaseViewCount(note, function (err, note) {
if (err || !note) {
responseError(res, "404", "Not Found", "oops.");
return;
db.readFromDB(note.id, function (err, data) {
if (err) {
return response.errorNotFound(res);
}
db.readFromDB(note.id, function (err, data) {
if (err) {
responseError(res, "404", "Not Found", "oops.");
return;
var notedata = data.rows[0];
//check view permission
if (note.permission == 'private') {
if (!req.isAuthenticated() || notedata.owner != req.user._id)
return response.errorForbidden(res);
}
//increase note viewcount
Note.increaseViewCount(note, function (err, note) {
if (err || !note) {
return response.errorNotFound(res);
}
var body = LZString.decompressFromBase64(data.rows[0].content);
var body = LZString.decompressFromBase64(notedata.content);
try {
body = metaMarked(body).markdown;
} catch(err) {
//na
}
var title = data.rows[0].title;
var title = notedata.title;
var decodedTitle = LZString.decompressFromBase64(title);
if (decodedTitle) title = decodedTitle;
title = Note.generateWebTitle(title);
@ -454,7 +482,7 @@ function showPublishSlide(req, res, next) {
});
});
} else {
responseError(res, "404", "Not Found", "oops.");
return response.errorNotFound(res);
}
}