hedgedoc/lib/response.js

'use strict'
// response
// external modules
var fs = require('fs')
var path = require('path')
var request = require('request')
// core
var config = require('./config')
var logger = require('./logger')
var models = require('./models')
const noteUtil = require('./web/note/util')
const errors = require('./errors')

// public
var response = {
  showIndex: showIndex,
  githubActions: githubActions,
  gitlabActions: gitlabActions
}

function showIndex (req, res, next) {
  var authStatus = req.isAuthenticated()
  var deleteToken = ''

  var data = {
    signin: authStatus,
    infoMessage: req.flash('info'),
    errorMessage: req.flash('error'),
    imprint: fs.existsSync(path.join(config.docsPath, 'imprint.md')),
    privacyStatement: fs.existsSync(path.join(config.docsPath, 'privacy.md')),
    termsOfUse: fs.existsSync(path.join(config.docsPath, 'terms-of-use.md')),
    deleteToken: deleteToken
  }

  if (authStatus) {
    models.User.findOne({
      where: {
        id: req.user.id
      }
    }).then(function (user) {
      if (user) {
        data.deleteToken = user.deleteToken
        res.render('index.ejs', data)
      }
    })
  } else {
    res.render('index.ejs', data)
  }
}

function githubActions (req, res, next) {
  var noteId = req.params.noteId
  noteUtil.findNote(req, res, function (note) {
    var action = req.params.action
    switch (action) {
      case 'gist':
        githubActionGist(req, res, note)
        break
      default:
        res.redirect(config.serverURL + '/' + noteId)
        break
    }
  })
}

function githubActionGist (req, res, note) {
  var code = req.query.code
  var state = req.query.state
  if (!code || !state) {
    return errors.errorForbidden(res)
  } else {
    var data = {
      client_id: config.github.clientID,
      client_secret: config.github.clientSecret,
      code: code,
      state: state
    }
    var authUrl = 'https://github.com/login/oauth/access_token'
    request({
      url: authUrl,
      method: 'POST',
      json: data
    }, function (error, httpResponse, body) {
      if (!error && httpResponse.statusCode === 200) {
        var accessToken = body.access_token
        if (accessToken) {
          var content = note.content
          var title = models.Note.decodeTitle(note.title)
          var filename = title.replace('/', ' ') + '.md'
          var gist = {
            'files': {}
          }
          gist.files[filename] = {
            'content': content
          }
          var gistUrl = 'https://api.github.com/gists'
          request({
            url: gistUrl,
            headers: {
              'User-Agent': 'CodiMD',
              'Authorization': 'token ' + accessToken
            },
            method: 'POST',
            json: gist
          }, function (error, httpResponse, body) {
            if (!error && httpResponse.statusCode === 201) {
              res.setHeader('referer', '')
              res.redirect(body.html_url)
            } else {
              return errors.errorForbidden(res)
            }
          })
        } else {
          return errors.errorForbidden(res)
        }
      } else {
        return errors.errorForbidden(res)
      }
    })
  }
}

function gitlabActions (req, res, next) {
  var noteId = req.params.noteId
  noteUtil.findNote(req, res, function (note) {
    var action = req.params.action
    switch (action) {
      case 'projects':
        gitlabActionProjects(req, res, note)
        break
      default:
        res.redirect(config.serverURL + '/' + noteId)
        break
    }
  })
}

function gitlabActionProjects (req, res, note) {
  if (req.isAuthenticated()) {
    models.User.findOne({
      where: {
        id: req.user.id
      }
    }).then(function (user) {
      if (!user) { return errors.errorNotFound(res) }
      var ret = { baseURL: config.gitlab.baseURL, version: config.gitlab.version }
      ret.accesstoken = user.accessToken
      ret.profileid = user.profileid
      request(
        config.gitlab.baseURL + '/api/' + config.gitlab.version + '/projects?membership=yes&per_page=100&access_token=' + user.accessToken,
        function (error, httpResponse, body) {
          if (!error && httpResponse.statusCode === 200) {
            ret.projects = JSON.parse(body)
            return res.send(ret)
          } else {
            return res.send(ret)
          }
        }
      )
    }).catch(function (err) {
      logger.error('gitlab action projects failed: ' + err)
      return errors.errorInternalError(res)
    })
  } else {
    return errors.errorForbidden(res)
  }
}

module.exports = response
Use strict mode in all backend files add ‘use strict’ in all backend file 2017-03-14 01:02:43 -04:00			`'use strict'`
Use JavaScript Standard Style Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code. 2017-03-08 05:45:51 -05:00			`// response`
			`// external modules`
			`var fs = require('fs')`
Add privacy and ToS links To be GDPR compliant we need to provide privacy statement. These should be linked on the index page. So as soon as a document exist under `public/docs/privacy.md` the link will show up. Since we already add legal links, we also add Terms of Use, which will show up as soon as `public/docs/terms-of-use.md` exists. This should allow everyone to provide the legal documents they need for GDPR and other privacy and business laws. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> 2018-05-22 19:14:52 -04:00			`var path = require('path')`
Use JavaScript Standard Style Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code. 2017-03-08 05:45:51 -05:00			`var request = require('request')`
			`// core`
refactor: Remove `require` extension filename 2017-04-12 12:20:28 -04:00			`var config = require('./config')`
			`var logger = require('./logger')`
Use JavaScript Standard Style Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code. 2017-03-08 05:45:51 -05:00			`var models = require('./models')`
Move note actions to their own file. Because of circular import problems, this commit also moves the error messages from response.js to errors.js Signed-off-by: David Mehren <dmehren1@gmail.com> 2019-10-27 08:51:53 -04:00			`const noteUtil = require('./web/note/util')`
			`const errors = require('./errors')`
First commit, version 0.2.7 2015-05-04 03:53:29 -04:00
Use JavaScript Standard Style Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code. 2017-03-08 05:45:51 -05:00			`// public`
First commit, version 0.2.7 2015-05-04 03:53:29 -04:00			`var response = {`
Use JavaScript Standard Style Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code. 2017-03-08 05:45:51 -05:00			`showIndex: showIndex,`
			`githubActions: githubActions,`
			`gitlabActions: gitlabActions`
			`}`
First commit, version 0.2.7 2015-05-04 03:53:29 -04:00
Use JavaScript Standard Style Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code. 2017-03-08 05:45:51 -05:00			`function showIndex (req, res, next) {`
Add token based security feature In the current setup users could be tricked into deleting their data by providing a malicious link like `[click me](/me/delete)`. This commit prevents such an easy attack and need the user's deleteToken to get his data deleted. In case someone requests his deletion by email you can also ask him for this token. We can add a GUI that shows it later on. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> 2018-05-25 12:19:31 -04:00			`var authStatus = req.isAuthenticated()`
			`var deleteToken = ''`

			`var data = {`
			`signin: authStatus,`
Use JavaScript Standard Style Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code. 2017-03-08 05:45:51 -05:00			`infoMessage: req.flash('info'),`
Add privacy and ToS links To be GDPR compliant we need to provide privacy statement. These should be linked on the index page. So as soon as a document exist under `public/docs/privacy.md` the link will show up. Since we already add legal links, we also add Terms of Use, which will show up as soon as `public/docs/terms-of-use.md` exists. This should allow everyone to provide the legal documents they need for GDPR and other privacy and business laws. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> 2018-05-22 19:14:52 -04:00			`errorMessage: req.flash('error'),`
Add link to imprint Signed-off-by: Matthias Lindinger <m.lindinger@live.de> 2019-08-26 08:55:41 -04:00			`imprint: fs.existsSync(path.join(config.docsPath, 'imprint.md')),`
Add privacy and ToS links To be GDPR compliant we need to provide privacy statement. These should be linked on the index page. So as soon as a document exist under `public/docs/privacy.md` the link will show up. Since we already add legal links, we also add Terms of Use, which will show up as soon as `public/docs/terms-of-use.md` exists. This should allow everyone to provide the legal documents they need for GDPR and other privacy and business laws. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> 2018-05-22 19:14:52 -04:00			`privacyStatement: fs.existsSync(path.join(config.docsPath, 'privacy.md')),`
Add token based security feature In the current setup users could be tricked into deleting their data by providing a malicious link like `[click me](/me/delete)`. This commit prevents such an easy attack and need the user's deleteToken to get his data deleted. In case someone requests his deletion by email you can also ask him for this token. We can add a GUI that shows it later on. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> 2018-05-25 12:19:31 -04:00			`termsOfUse: fs.existsSync(path.join(config.docsPath, 'terms-of-use.md')),`
			`deleteToken: deleteToken`
			`}`

			`if (authStatus) {`
			`models.User.findOne({`
			`where: {`
			`id: req.user.id`
			`}`
			`}).then(function (user) {`
			`if (user) {`
			`data.deleteToken = user.deleteToken`
removing superfluous config parameters for template files Signed-off-by: Claudius <opensource@amenthes.de> 2018-09-10 16:35:38 -04:00			`res.render('index.ejs', data)`
Add token based security feature In the current setup users could be tricked into deleting their data by providing a malicious link like `[click me](/me/delete)`. This commit prevents such an easy attack and need the user's deleteToken to get his data deleted. In case someone requests his deletion by email you can also ask him for this token. We can add a GUI that shows it later on. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> 2018-05-25 12:19:31 -04:00			`}`
			`})`
			`} else {`
removing superfluous config parameters for template files Signed-off-by: Claudius <opensource@amenthes.de> 2018-09-10 16:35:38 -04:00			`res.render('index.ejs', data)`
Add token based security feature In the current setup users could be tricked into deleting their data by providing a malicious link like `[click me](/me/delete)`. This commit prevents such an easy attack and need the user's deleteToken to get his data deleted. In case someone requests his deletion by email you can also ask him for this token. We can add a GUI that shows it later on. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> 2018-05-25 12:19:31 -04:00			`}`
Added server option "useCdn", use template statement to route resources' source 2015-09-22 00:06:13 -04:00			`}`

Use JavaScript Standard Style Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code. 2017-03-08 05:45:51 -05:00			`function githubActions (req, res, next) {`
			`var noteId = req.params.noteId`
Move note actions to their own file. Because of circular import problems, this commit also moves the error messages from response.js to errors.js Signed-off-by: David Mehren <dmehren1@gmail.com> 2019-10-27 08:51:53 -04:00			`noteUtil.findNote(req, res, function (note) {`
Use JavaScript Standard Style Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code. 2017-03-08 05:45:51 -05:00			`var action = req.params.action`
			`switch (action) {`
			`case 'gist':`
			`githubActionGist(req, res, note)`
			`break`
			`default:`
Change config to camel case with backwards compatibility This refactors the configs a bit to now use camel case everywhere. This change should help to clean up the config interface and make it better understandable. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> 2018-03-07 09:17:35 -05:00			`res.redirect(config.serverURL + '/' + noteId)`
Use JavaScript Standard Style Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code. 2017-03-08 05:45:51 -05:00			`break`
			`}`
			`})`
Supported export to gist 2016-01-31 16:42:26 -05:00			`}`

Use JavaScript Standard Style Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code. 2017-03-08 05:45:51 -05:00			`function githubActionGist (req, res, note) {`
			`var code = req.query.code`
			`var state = req.query.state`
			`if (!code \|\| !state) {`
Move note actions to their own file. Because of circular import problems, this commit also moves the error messages from response.js to errors.js Signed-off-by: David Mehren <dmehren1@gmail.com> 2019-10-27 08:51:53 -04:00			`return errors.errorForbidden(res)`
Use JavaScript Standard Style Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code. 2017-03-08 05:45:51 -05:00			`} else {`
			`var data = {`
			`client_id: config.github.clientID,`
			`client_secret: config.github.clientSecret,`
			`code: code,`
			`state: state`
			`}`
			`var authUrl = 'https://github.com/login/oauth/access_token'`
			`request({`
			`url: authUrl,`
			`method: 'POST',`
			`json: data`
			`}, function (error, httpResponse, body) {`
			`if (!error && httpResponse.statusCode === 200) {`
			`var accessToken = body.access_token`
			`if (accessToken) {`
			`var content = note.content`
			`var title = models.Note.decodeTitle(note.title)`
			`var filename = title.replace('/', ' ') + '.md'`
			`var gist = {`
			`'files': {}`
			`}`
			`gist.files[filename] = {`
			`'content': content`
			`}`
			`var gistUrl = 'https://api.github.com/gists'`
			`request({`
			`url: gistUrl,`
			`headers: {`
Final replacements Looks like I missed a few. This should be complete now. And make us ready for the repo rename and merging. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> 2018-06-24 08:13:38 -04:00			`'User-Agent': 'CodiMD',`
Use JavaScript Standard Style Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code. 2017-03-08 05:45:51 -05:00			`'Authorization': 'token ' + accessToken`
			`},`
			`method: 'POST',`
			`json: gist`
			`}, function (error, httpResponse, body) {`
			`if (!error && httpResponse.statusCode === 201) {`
			`res.setHeader('referer', '')`
			`res.redirect(body.html_url)`
Refactor server with Sequelize ORM, refactor server configs, now will show note status (created or updated) and support docs (note alias) 2016-04-20 06:03:55 -04:00			`} else {`
Move note actions to their own file. Because of circular import problems, this commit also moves the error messages from response.js to errors.js Signed-off-by: David Mehren <dmehren1@gmail.com> 2019-10-27 08:51:53 -04:00			`return errors.errorForbidden(res)`
Refactor server with Sequelize ORM, refactor server configs, now will show note status (created or updated) and support docs (note alias) 2016-04-20 06:03:55 -04:00			`}`
Use JavaScript Standard Style Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code. 2017-03-08 05:45:51 -05:00			`})`
			`} else {`
Move note actions to their own file. Because of circular import problems, this commit also moves the error messages from response.js to errors.js Signed-off-by: David Mehren <dmehren1@gmail.com> 2019-10-27 08:51:53 -04:00			`return errors.errorForbidden(res)`
Use JavaScript Standard Style Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code. 2017-03-08 05:45:51 -05:00			`}`
			`} else {`
Move note actions to their own file. Because of circular import problems, this commit also moves the error messages from response.js to errors.js Signed-off-by: David Mehren <dmehren1@gmail.com> 2019-10-27 08:51:53 -04:00			`return errors.errorForbidden(res)`
Use JavaScript Standard Style Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code. 2017-03-08 05:45:51 -05:00			`}`
			`})`
			`}`
Supported export to gist 2016-01-31 16:42:26 -05:00			`}`
Jump to 0.3.1 2015-07-01 12:10:20 -04:00
Use JavaScript Standard Style Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code. 2017-03-08 05:45:51 -05:00			`function gitlabActions (req, res, next) {`
			`var noteId = req.params.noteId`
Move note actions to their own file. Because of circular import problems, this commit also moves the error messages from response.js to errors.js Signed-off-by: David Mehren <dmehren1@gmail.com> 2019-10-27 08:51:53 -04:00			`noteUtil.findNote(req, res, function (note) {`
Use JavaScript Standard Style Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code. 2017-03-08 05:45:51 -05:00			`var action = req.params.action`
			`switch (action) {`
			`case 'projects':`
			`gitlabActionProjects(req, res, note)`
			`break`
			`default:`
Change config to camel case with backwards compatibility This refactors the configs a bit to now use camel case everywhere. This change should help to clean up the config interface and make it better understandable. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> 2018-03-07 09:17:35 -05:00			`res.redirect(config.serverURL + '/' + noteId)`
Use JavaScript Standard Style Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code. 2017-03-08 05:45:51 -05:00			`break`
			`}`
			`})`
Update to move gitlab api path to sub path and fix its find user method for PR #121 2016-05-16 06:16:45 -04:00			`}`

Use JavaScript Standard Style Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code. 2017-03-08 05:45:51 -05:00			`function gitlabActionProjects (req, res, note) {`
			`if (req.isAuthenticated()) {`
			`models.User.findOne({`
			`where: {`
			`id: req.user.id`
			`}`
			`}).then(function (user) {`
Move note actions to their own file. Because of circular import problems, this commit also moves the error messages from response.js to errors.js Signed-off-by: David Mehren <dmehren1@gmail.com> 2019-10-27 08:51:53 -04:00			`if (!user) { return errors.errorNotFound(res) }`
Add possibility to choose between version v3 or v4 for the gitlab api. Apart from the uri versioning, one big change is the snippet visibility post data (visibility_level -> visibility) Default gitlab api version to v4 Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com> 2018-07-30 09:47:09 -04:00			`var ret = { baseURL: config.gitlab.baseURL, version: config.gitlab.version }`
Use JavaScript Standard Style Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code. 2017-03-08 05:45:51 -05:00			`ret.accesstoken = user.accessToken`
			`ret.profileid = user.profileid`
			`request(`
Fix eslint warnings Since we are about to release it's time to finally fix our linting. This patch basically runs eslint --fix and does some further manual fixes. Also it sets up eslint to fail on every warning on order to make warnings visable in the CI process. There should no functional change be introduced. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> 2019-05-30 18:27:56 -04:00			`config.gitlab.baseURL + '/api/' + config.gitlab.version + '/projects?membership=yes&per_page=100&access_token=' + user.accessToken,`
			`function (error, httpResponse, body) {`
			`if (!error && httpResponse.statusCode === 200) {`
			`ret.projects = JSON.parse(body)`
			`return res.send(ret)`
			`} else {`
			`return res.send(ret)`
			`}`
			`}`
			`)`
Use JavaScript Standard Style Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code. 2017-03-08 05:45:51 -05:00			`}).catch(function (err) {`
			`logger.error('gitlab action projects failed: ' + err)`
Move note actions to their own file. Because of circular import problems, this commit also moves the error messages from response.js to errors.js Signed-off-by: David Mehren <dmehren1@gmail.com> 2019-10-27 08:51:53 -04:00			`return errors.errorInternalError(res)`
Use JavaScript Standard Style Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code. 2017-03-08 05:45:51 -05:00			`})`
			`} else {`
Move note actions to their own file. Because of circular import problems, this commit also moves the error messages from response.js to errors.js Signed-off-by: David Mehren <dmehren1@gmail.com> 2019-10-27 08:51:53 -04:00			`return errors.errorForbidden(res)`
Use JavaScript Standard Style Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code. 2017-03-08 05:45:51 -05:00			`}`
Update to move gitlab api path to sub path and fix its find user method for PR #121 2016-05-16 06:16:45 -04:00			`}`

Use JavaScript Standard Style Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code. 2017-03-08 05:45:51 -05:00			`module.exports = response`