Compare commits
3 Commits
3203fea2f8
...
0dd6a7fa00
Author | SHA1 | Date |
---|---|---|
Armored Dragon | 0dd6a7fa00 | |
Armored Dragon | 6dde5d7020 | |
Armored Dragon | 37e582ac1d |
|
@ -5,6 +5,8 @@ const { S3Client, PutObjectCommand, GetObjectCommand, DeleteObjectCommand, ListO
|
|||
const { getSignedUrl } = require("@aws-sdk/s3-request-presigner");
|
||||
let s3;
|
||||
const crypto = require("crypto");
|
||||
const validate = require("../form_validation");
|
||||
const permissions = require("../permissions");
|
||||
const md = require("markdown-it")()
|
||||
.use(require("markdown-it-underline"))
|
||||
.use(require("markdown-it-footnote"))
|
||||
|
@ -59,22 +61,23 @@ function _initS3Storage() {
|
|||
|
||||
// Users
|
||||
async function newUser({ username, password, role } = {}) {
|
||||
if (!username) return _r(false, "Username not specified");
|
||||
if (!password) return _r(false, "Password not specified");
|
||||
// Sanity check on user registration.
|
||||
const valid = validate.newUser({ username: username, password: password });
|
||||
if (!valid.success) return _r(false, valid.message);
|
||||
|
||||
// Create the account
|
||||
try {
|
||||
user_database_entry = await prisma.user.create({ data: { username: username, password: password, role: role } });
|
||||
} catch (e) {
|
||||
let message = "Unknown error";
|
||||
return { success: false, message: message };
|
||||
return _r(false, message);
|
||||
}
|
||||
|
||||
// Create the profile page and link
|
||||
try {
|
||||
user_profile_database_entry = await prisma.profilePage.create({ data: { owner: { connect: { id: user_database_entry.id } } } });
|
||||
} catch (e) {
|
||||
return { success: false, message: `Error creating profile page for user ${username}` };
|
||||
return _r(false, `Error creating profile page for user ${username}`);
|
||||
}
|
||||
|
||||
// Master user was created; server initialized
|
||||
|
@ -95,6 +98,7 @@ async function getUser({ user_id, username, include_password = false }) {
|
|||
|
||||
return { success: true, data: user };
|
||||
}
|
||||
// TODO: Rename patchUser
|
||||
async function editUser({ requester_id, user_id, user_content }) {
|
||||
let user = await getUser({ user_id: user_id });
|
||||
if (!user.success) return _r(false, "User not found");
|
||||
|
@ -136,28 +140,6 @@ async function newPost({ requester_id }) {
|
|||
return post.id;
|
||||
}
|
||||
async function getPost({ requester_id, post_id, visibility = "PUBLISHED" } = {}, { search, search_title, search_content, search_tags } = {}, { limit = 10, page = 0, pagination = true } = {}) {
|
||||
// Get a single post
|
||||
if (post_id) {
|
||||
let post;
|
||||
post = await prisma.post.findUnique({ where: { id: post_id }, include: { owner: true, tags: true } });
|
||||
if (!post) return _r(false, "Post does not exist");
|
||||
post = _stripPrivatePost(post);
|
||||
|
||||
// Tags
|
||||
let post_tags = [];
|
||||
post.raw_tags = [];
|
||||
post.tags.forEach((tag) => {
|
||||
post_tags.push(tag.name);
|
||||
post.raw_tags.push();
|
||||
});
|
||||
post.tags = post_tags;
|
||||
|
||||
// Render post
|
||||
return { success: true, data: await _renderPost(post) };
|
||||
}
|
||||
|
||||
// Otherwise build WHERE_OBJECT using data we do have
|
||||
let post_list = [];
|
||||
let where_object = {
|
||||
OR: [
|
||||
// Standard discovery: Public, and after the publish date
|
||||
|
@ -186,6 +168,46 @@ async function getPost({ requester_id, post_id, visibility = "PUBLISHED" } = {},
|
|||
},
|
||||
],
|
||||
};
|
||||
|
||||
// Admins can view everything at any point
|
||||
let user;
|
||||
if (requester_id) {
|
||||
user = await getUser({ user_id: requester_id });
|
||||
if (user.success) user = user.data;
|
||||
if (user.role === "ADMIN") where_object["OR"].push({ NOT: { id: "" } });
|
||||
}
|
||||
|
||||
// Get a single post
|
||||
if (post_id) {
|
||||
let post;
|
||||
|
||||
// We can view unlisted posts, but we don't want them to show up otherwise in search.
|
||||
// Inject a "unlisted" inclusion into where_object to allow direct viewing of unlisted posts
|
||||
where_object["OR"].push({ visibility: "UNLISTED" });
|
||||
|
||||
// Allow getting drafts if the requesting user owns the draft
|
||||
where_object["OR"].push({ AND: [{ visibility: "DRAFT" }, { ownerid: requester_id }] });
|
||||
|
||||
post = await prisma.post.findUnique({ where: { ...where_object, id: post_id }, include: { owner: true, tags: true } });
|
||||
if (!post) return _r(false, "Post does not exist");
|
||||
post = _stripPrivatePost(post);
|
||||
|
||||
// Tags
|
||||
let post_tags = [];
|
||||
post.raw_tags = [];
|
||||
post.tags.forEach((tag) => {
|
||||
post_tags.push(tag.name);
|
||||
post.raw_tags.push();
|
||||
});
|
||||
post.tags = post_tags;
|
||||
|
||||
// Render post
|
||||
return { success: true, data: await _renderPost(post) };
|
||||
}
|
||||
|
||||
// Otherwise build WHERE_OBJECT using data we do have
|
||||
let post_list = [];
|
||||
|
||||
// Build the "where_object" object
|
||||
if (search) {
|
||||
if (search_tags) where_object["AND"][0]["OR"].push({ tags: { some: { name: search?.toLowerCase() } } });
|
||||
|
@ -226,29 +248,24 @@ async function getPost({ requester_id, post_id, visibility = "PUBLISHED" } = {},
|
|||
return pageList.slice(0, 5);
|
||||
}
|
||||
}
|
||||
// TODO: Rename patchPost
|
||||
async function editPost({ requester_id, post_id, post_content }) {
|
||||
let user = await getUser({ user_id: requester_id });
|
||||
let post = await getPost({ post_id: post_id });
|
||||
let publish_date = null;
|
||||
|
||||
if (!user.success) return _r(false, post.message || "User not found");
|
||||
user = user.data;
|
||||
if (!post.success) return _r(false, post.message || "Post not found");
|
||||
post = post.data;
|
||||
// Validate the post content
|
||||
let validated_post = validate.patchPost(post_content, user, post);
|
||||
if (!validated_post.success) return _r(false, validated_post.message);
|
||||
|
||||
// Check to see if the requester can update the post
|
||||
// TODO: Permissions
|
||||
let can_update = post.owner.id === user.id || user.role === "ADMIN";
|
||||
user = validated_post.data.user;
|
||||
post = validated_post.data.post;
|
||||
validated_post = validated_post.data.post_formatted;
|
||||
|
||||
// FIXME: Unsure if this actually works
|
||||
// Check if we already have a formatted publish date
|
||||
if (typeof post.publish_date !== "object") {
|
||||
const [year, month, day] = post.date.split("-");
|
||||
const [hour, minute] = post.time.split(":");
|
||||
publish_date = new Date(year, month - 1, day, hour, minute);
|
||||
}
|
||||
// Check if the user can preform the action
|
||||
const can_act = permissions.patchPost(post, user);
|
||||
if (!can_act.success) return _r(false, can_act.message);
|
||||
|
||||
// Handle tags ----
|
||||
// Handle tags ----------
|
||||
let database_tag_list = [];
|
||||
const existing_tags = post.tags?.map((tag) => ({ name: tag })) || [];
|
||||
|
||||
|
@ -264,12 +281,10 @@ async function editPost({ requester_id, post_id, post_content }) {
|
|||
|
||||
// Rebuild the post to save
|
||||
let post_formatted = {
|
||||
title: post_content.title,
|
||||
description: post_content.description,
|
||||
content: post_content.content,
|
||||
visibility: post_content.visibility || "PRIVATE",
|
||||
publish_date: publish_date || post_content.publish_date,
|
||||
...validated_post,
|
||||
// Handle tag changes
|
||||
tags: { disconnect: [...existing_tags], connect: [...database_tag_list] },
|
||||
// Handle media changes
|
||||
media: [...post.raw_media, ...post_content.media],
|
||||
};
|
||||
|
||||
|
@ -327,18 +342,22 @@ async function getBiography({ requester_id, author_id }) {
|
|||
|
||||
return { success: true, data: post };
|
||||
}
|
||||
// TODO: Rename to patchBiography
|
||||
async function updateBiography({ requester_id, author_id, biography_content }) {
|
||||
let user = await getUser({ user_id: requester_id });
|
||||
let biography = await getBiography({ author_id: author_id });
|
||||
|
||||
if (!user.success) return _r(false, user.message || "Author not found");
|
||||
user = user.data;
|
||||
// Validate post ----------
|
||||
let formatted_biography = validate.patchBiography(biography_content, user, biography);
|
||||
if (!formatted_biography.success) return _r(false, formatted_biography.message);
|
||||
|
||||
if (!biography.success) return _r(false, biography.message || "Post not found");
|
||||
biography = biography.data;
|
||||
user = formatted_biography.data.user;
|
||||
biography = formatted_biography.data.biography;
|
||||
biography_content = formatted_biography.data.biography_content;
|
||||
|
||||
let can_update = biography.owner.id === user.id || user.role === "ADMIN";
|
||||
if (!can_update) return _r(false, "User not permitted");
|
||||
// Permission check ----------
|
||||
const can_act = permissions.patchBiography(biography_content, user, biography);
|
||||
if (!can_act.success) return _r(false, "User not permitted");
|
||||
|
||||
let formatted = {
|
||||
content: biography_content.content,
|
||||
|
@ -598,7 +617,7 @@ async function postSetting(key, value) {
|
|||
async function editSetting({ name, value }) {
|
||||
if (!Object.keys(settings).includes(name)) return _r(false, "Setting is not valid");
|
||||
|
||||
await prisma.setting.upsert({ where: { id: key }, update: { value: value }, create: { id: key, value: value } });
|
||||
await prisma.setting.upsert({ where: { id: name }, update: { value: value }, create: { id: name, value: value } });
|
||||
try {
|
||||
settings[key] = JSON.parse(value);
|
||||
} catch {
|
||||
|
|
|
@ -23,7 +23,7 @@ async function getFeed({ type = "rss" }) {
|
|||
let feed = getBaseFeed();
|
||||
|
||||
// Get posts
|
||||
let posts = await core.getPost(null, null, { limit: 20 });
|
||||
let posts = await core.getPost(undefined, undefined, { limit: 20 });
|
||||
|
||||
// For each post, add a formatted object to the feed
|
||||
posts.data.forEach((post) => {
|
||||
|
@ -45,7 +45,6 @@ async function getFeed({ type = "rss" }) {
|
|||
|
||||
feed.addItem(formatted);
|
||||
});
|
||||
// if (type === "rss") return feed.rss2();
|
||||
if (type === "atom") return feed.atom1();
|
||||
if (type === "json") return feed.json1();
|
||||
}
|
||||
|
|
|
@ -5,7 +5,7 @@ const validate = require("../form_validation");
|
|||
async function postRegister(req, res) {
|
||||
const { username, password } = req.body; // Get the username and password from the request body
|
||||
|
||||
const form_validation = await validate.registerUser(username, password); // Check form for errors
|
||||
const form_validation = await validate.newUser({ username: username, password: password }); // Check form for errors
|
||||
|
||||
// User registration disabled?
|
||||
// We also check if the server was setup. If it was not set up, the server will proceed anyways.
|
||||
|
@ -57,18 +57,7 @@ async function deleteBlog(req, res) {
|
|||
return res.json(await core.deletePost({ post_id: req.body.id, requester_id: req.session.user.id }));
|
||||
}
|
||||
async function patchBlog(req, res) {
|
||||
// FIXME: validate does not return post id
|
||||
// Can user change post?
|
||||
// User is admin, or user is author
|
||||
|
||||
// Validate blog info
|
||||
let valid = await validate.postBlog(req.body);
|
||||
|
||||
if (!valid.success) return { success: false, message: valid.message || "Post failed validation" };
|
||||
valid = valid.data;
|
||||
|
||||
// TODO: Permissions for updating blog
|
||||
return res.json(await core.editPost({ requester_id: req.session.user.id, post_id: req.body.id, post_content: valid }));
|
||||
return res.json(await core.editPost({ requester_id: req.session.user.id, post_id: req.body.id, post_content: req.body }));
|
||||
}
|
||||
async function patchBiography(request, response) {
|
||||
// TODO: Validate
|
||||
|
|
|
@ -1,33 +1,39 @@
|
|||
const core = require("./core/core");
|
||||
//
|
||||
// Form validation
|
||||
//
|
||||
// Preform sanity checks on content
|
||||
// Format given data in an accessible way
|
||||
//
|
||||
|
||||
async function registerUser(username, password) {
|
||||
if (!username) return { success: false, message: "No username provided" };
|
||||
if (!password) return { success: false, message: "No password provided" };
|
||||
if (password.length < core.settings["USER_MINIMUM_PASSWORD_LENGTH"]) return { success: false, message: "Password not long enough" };
|
||||
// Make sure the user registration data is safe and valid.
|
||||
function newUser({ username, password } = {}) {
|
||||
const core = require("./core/core"); // HACK: Need to require the core module here because the settings don't get set otherwise.
|
||||
|
||||
// Check if username only uses URL safe characters
|
||||
if (!_isUrlSafe(username)) return { success: false, message: "Username is not URL safe" };
|
||||
if (!username) return _r(false, "No username provided");
|
||||
if (!password) return _r(false, "No password provided");
|
||||
if (password.length < core.settings["USER_MINIMUM_PASSWORD_LENGTH"]) return _r(false, `Password is not long enough. Minimum length is ${core.settings["USER_MINIMUM_PASSWORD_LENGTH"]}`);
|
||||
|
||||
// All good! Validation complete
|
||||
return { success: true };
|
||||
// TODO: Method to block special characters
|
||||
if (!_isUrlSafe(username)) return _r(false, "Invalid Username. Please only use a-z A-Z 0-9");
|
||||
|
||||
return _r(true);
|
||||
}
|
||||
|
||||
async function postBlog(blog_object) {
|
||||
// TODO: Validate blog posts before upload
|
||||
// Check title length
|
||||
// Check description length
|
||||
// Check content length
|
||||
// Check valid date
|
||||
// Return formatted object
|
||||
function patchPost(post_content, user, post) {
|
||||
let post_formatted = {}; // The formatted post content object that will be returned upon success
|
||||
let publish_date; // Time and date the post should be made public
|
||||
let tags = []; // An array of tags for the post
|
||||
|
||||
if (!user.success) return _r(false, "User not found");
|
||||
if (!post.success) return _r(false, "Post not found");
|
||||
|
||||
// Get the publish date in a standard format
|
||||
const [year, month, day] = blog_object.date.split("-");
|
||||
const [hour, minute] = blog_object.time.split(":");
|
||||
let publish_date = new Date(year, month - 1, day, hour, minute);
|
||||
const [year, month, day] = post_content.date.split("-");
|
||||
const [hour, minute] = post_content.time.split(":");
|
||||
publish_date = new Date(year, month - 1, day, hour, minute);
|
||||
|
||||
// Go though our tags and ensure they are:
|
||||
let valid_tag_array = [];
|
||||
blog_object.tags.forEach((tag) => {
|
||||
// Go though tags list, and turn into a pretty array
|
||||
post_content.tags.forEach((tag) => {
|
||||
// Trimmed
|
||||
tag = tag.trim();
|
||||
|
||||
|
@ -35,27 +41,41 @@ async function postBlog(blog_object) {
|
|||
tag = tag.toLowerCase();
|
||||
|
||||
// Non-empty
|
||||
if (tag.length !== 0) valid_tag_array.push(tag);
|
||||
if (tag.length !== 0) tags.push(tag);
|
||||
});
|
||||
|
||||
// Format our data to save
|
||||
let blog_post_formatted = {
|
||||
title: blog_object.title,
|
||||
description: blog_object.description,
|
||||
content: blog_object.content,
|
||||
visibility: blog_object.visibility,
|
||||
delete post_content.date;
|
||||
delete post_content.time;
|
||||
|
||||
// Format the post content
|
||||
post_formatted = {
|
||||
// Autofill the given data
|
||||
...post_content,
|
||||
|
||||
// Update tags to our pretty array
|
||||
tags: tags,
|
||||
|
||||
// Update date
|
||||
publish_date: publish_date,
|
||||
tags: valid_tag_array,
|
||||
media: blog_object.media,
|
||||
thumbnail: blog_object.thumbnail,
|
||||
};
|
||||
|
||||
return { success: true, data: blog_post_formatted };
|
||||
return _r(true, null, { post_formatted: post_formatted, user: user.data, post: post.data });
|
||||
}
|
||||
|
||||
function patchBiography(biography_content, user, biography) {
|
||||
if (!user.success) return _r(false, "User not found");
|
||||
if (!biography.success) return _r(false, "Post not found");
|
||||
|
||||
return _r(true, null, { biography_content: biography_content, user: user.data, biography: biography.data });
|
||||
}
|
||||
|
||||
// Helper functions --------------------
|
||||
function _isUrlSafe(str) {
|
||||
const pattern = /^[A-Za-z0-9\-_.~]+$/;
|
||||
return pattern.test(str);
|
||||
}
|
||||
function _r(s, m, d) {
|
||||
return { success: s, message: m ? m || "Unknown error" : undefined, data: d };
|
||||
}
|
||||
|
||||
module.exports = { registerUser, postBlog };
|
||||
module.exports = { newUser, patchPost, patchBiography };
|
||||
|
|
|
@ -75,7 +75,7 @@ async function blogList(req, res) {
|
|||
});
|
||||
}
|
||||
async function blogSingle(req, res) {
|
||||
const blog = await core.getPost({ post_id: req.params.blog_id });
|
||||
const blog = await core.getPost({ requester_id: req.session.user?.id, post_id: req.params.blog_id });
|
||||
if (blog.success === false) return res.redirect("/");
|
||||
res.render(_getThemePage("post"), { ...(await getDefaults(req)), blog_post: blog.data });
|
||||
}
|
||||
|
|
|
@ -1,3 +1,32 @@
|
|||
function postBlog(user) {}
|
||||
//
|
||||
// Permissions
|
||||
//
|
||||
// Check if a given user has permissions to preform an action
|
||||
//
|
||||
|
||||
module.exports = { postBlog };
|
||||
// Updating a blog post
|
||||
function patchPost(post_content, user) {
|
||||
// Admins can always update any post
|
||||
if (user.role === "ADMIN") return _r(true);
|
||||
|
||||
// User owns the post
|
||||
if (post_content.owner.id === user.id) return _r(true);
|
||||
|
||||
// User is not permitted
|
||||
return _r(false, "User is not permitted to preform action.");
|
||||
}
|
||||
function patchBiography(biography, user) {
|
||||
// Admins can always update any post
|
||||
if (user.role === "ADMIN") return _r(true);
|
||||
|
||||
// User edits their own account
|
||||
if (biography.id === user.id) return _r(true);
|
||||
|
||||
// User is not permitted
|
||||
return _r(false, "User is not permitted to preform action.");
|
||||
}
|
||||
|
||||
function _r(s, m, d) {
|
||||
return { success: s, message: m ? m || "Unknown error" : undefined, data: d };
|
||||
}
|
||||
module.exports = { patchPost, patchBiography };
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
<div class="footer">
|
||||
<div class="page-center">
|
||||
<div class="resources">
|
||||
<a class="atom-feed icon" href="#"><span>ATOM Feed</span> </a>
|
||||
<a class="json icon" href="#"><span>JSON Feed</span></a>
|
||||
<a class="atom-feed icon" href="/atom"><span>ATOM Feed</span> </a>
|
||||
<a class="json icon" href="/json"><span>JSON Feed</span></a>
|
||||
</div>
|
||||
<div class="info">
|
||||
<a class="json icon" href="https://github.com/armored-dragon/yet-another-blog">Built using Yet-Another-Blog</a>
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
"login": "/ejs/login.ejs",
|
||||
"register": "/ejs/register.ejs",
|
||||
"author": "/ejs/author.ejs",
|
||||
"authorEdit": "/ejs/authorEdit.ejs",
|
||||
"post": "/ejs/post.ejs",
|
||||
"postSearch": "/ejs/postSearch.ejs",
|
||||
"postNew": "/ejs/postNew.ejs",
|
||||
|
|
Loading…
Reference in New Issue