refactor: use user-token for historyDelete too

Previously, the user token was only used for the endpoint
to delete the user itself. This commit adds that token to
the history deletion as well.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
This commit is contained in:
Erik Michelson 2024-12-17 14:44:12 +01:00
parent 4fdab806a3
commit eb2a1d8344
No known key found for this signature in database
GPG key ID: DB99ADDDC5C0AF82
4 changed files with 26 additions and 19 deletions


@ -174,26 +174,31 @@ function historyPost (req, res) {
} }
function historyDelete (req, res) { function historyDelete (req, res) {
if (req.isAuthenticated()) { if (!req.isAuthenticated()) {
const noteId = req.params.noteId return errors.errorForbidden(res)
if (!noteId) { }
setHistory(req.user.id, [], function (err, count) {
const token = req.query.token
if (!token || token !== req.user.deleteToken) {
return errors.errorForbidden(res)
}
const noteId = req.params.noteId
if (!noteId) {
setHistory(req.user.id, [], function (err, count) {
if (err) return errors.errorInternalError(res)
res.end()
})
} else {
getHistory(req.user.id, function (err, history) {
if (err) return errors.errorInternalError(res)
if (!history) return errors.errorNotFound(res)
delete history[noteId]
setHistory(req.user.id, history, function (err, count) {
if (err) return errors.errorInternalError(res) if (err) return errors.errorInternalError(res)
res.end() res.end()
}) })
} else { })
getHistory(req.user.id, function (err, history) {
if (err) return errors.errorInternalError(res)
if (!history) return errors.errorNotFound(res)
delete history[noteId]
setHistory(req.user.id, history, function (err, count) {
if (err) return errors.errorInternalError(res)
res.end()
})
})
}
} else {
return errors.errorForbidden(res)
} }
} }
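Review bot: The new guard reads the secret from `req.query.token`, so the delete token travels in the URL of every history DELETE and will be written to access logs, reverse-proxy logs and browser history; carrying it in a request header or the request body instead would keep it out of those places, and the same applies to the client side that builds this URL in deleteServerHistory. The comparison `token !== req.user.deleteToken` is an ordinary string compare; how much that matters depends on how `deleteToken` is generated, which this diff does not show, but `crypto.timingSafeEqual` over equal-length buffers is the conventional way to compare a secret. The `count` argument of both `setHistory` callbacks is unused and could be dropped from the parameter lists for clarity.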


@ -111,7 +111,8 @@ statusRouter.get('/config', function (req, res) {
DROPBOX_APP_KEY: config.dropbox.appKey, DROPBOX_APP_KEY: config.dropbox.appKey,
allowedUploadMimeTypes: config.allowedUploadMimeTypes, allowedUploadMimeTypes: config.allowedUploadMimeTypes,
linkifyHeaderStyle: config.linkifyHeaderStyle, linkifyHeaderStyle: config.linkifyHeaderStyle,
cookiePolicy: config.cookiePolicy cookiePolicy: config.cookiePolicy,
userToken: req.user ? req.user.deleteToken : ''
} }
res.set({ res.set({
'Cache-Control': 'private', // only cache by client 'Cache-Control': 'private', // only cache by client
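Review bot: `userToken: req.user ? req.user.deleteToken : ''` makes the account's delete token readable from the `/config` JSON by any script running with the session cookie; if the token was intended as an extra confirmation beyond the session for destructive actions, handing it out on a GET that the session alone authorizes weakens that intent, so the line deserves a comment such as `// per-user secret: response must stay private and session-bound`. The existing `'Cache-Control': 'private'` header below keeps it out of shared caches, which is good, but that relationship is now load-bearing and worth stating next to the header too. Note also that if `req.user` exists but `deleteToken` is undefined, the key will presumably be dropped when the object is serialized, so clients should treat `userToken` as optional.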


@ -296,7 +296,7 @@ export function postHistoryToServer (noteId, data, callback) {
export function deleteServerHistory (noteId, callback) { export function deleteServerHistory (noteId, callback) {
$.ajax({ $.ajax({
url: `${serverurl}/history${noteId ? '/' + noteId : ''}`, url: `${serverurl}/history${noteId ? '/' + noteId : ''}?token=${window.userToken}`,
type: 'DELETE' type: 'DELETE'
}) })
.done(result => callback(null, result)) .done(result => callback(null, result))
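Review bot: `?token=${window.userToken}` interpolates the token into the URL without encoding, so any reserved character in the value would change the query, and an unset `window.userToken` produces the literal string `token=undefined`; the line should be `url: \`${serverurl}/history${noteId ? '/' + noteId : ''}?token=${encodeURIComponent(window.userToken)}\`,`. Since this is a secret, sending it as a request header or in the body rather than in the URL would also keep it out of server and proxy logs, which would need a matching change in historyDelete on the server. deleteServerHistory continues past the end of this hunk.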


@ -10,3 +10,4 @@ window.linkifyHeaderStyle = '<%- linkifyHeaderStyle %>'
window.DROPBOX_APP_KEY = '<%- DROPBOX_APP_KEY %>' window.DROPBOX_APP_KEY = '<%- DROPBOX_APP_KEY %>'
window.cookiePolicy = '<%- cookiePolicy %>' window.cookiePolicy = '<%- cookiePolicy %>'
window.userToken = '<%- userToken %>'
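Review bot: `window.userToken = '<%- userToken %>'` emits the value unescaped into a JavaScript string literal inside a script tag, following the pattern of the lines above it; those carry server configuration, whereas this one is a per-user value, so a token containing a quote or `</script>` would break out of the literal. Emitting it as a JSON literal, `window.userToken = <%- JSON.stringify(userToken) %>`, keeps it a valid string regardless of content, and a comment noting that the value is a per-user secret rendered into the page would help the next reader. Where `userToken` enters this template's locals is not part of this diff, so whether it can be undefined here cannot be confirmed from the change.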