Compare commits
3 Commits
59c3f4a333
...
5907b78084
Author | SHA1 | Date |
---|---|---|
Armored Dragon | 5907b78084 | |
Armored Dragon | b3ee9aec10 | |
Armored Dragon | e76bb6c493 |
|
@ -6,6 +6,7 @@ const { getSignedUrl } = require("@aws-sdk/s3-request-presigner");
|
||||||
let s3;
|
let s3;
|
||||||
const crypto = require("crypto");
|
const crypto = require("crypto");
|
||||||
const validate = require("../form_validation");
|
const validate = require("../form_validation");
|
||||||
|
const permissions = require("../permissions");
|
||||||
const md = require("markdown-it")()
|
const md = require("markdown-it")()
|
||||||
.use(require("markdown-it-underline"))
|
.use(require("markdown-it-underline"))
|
||||||
.use(require("markdown-it-footnote"))
|
.use(require("markdown-it-footnote"))
|
||||||
|
@ -97,6 +98,7 @@ async function getUser({ user_id, username, include_password = false }) {
|
||||||
|
|
||||||
return { success: true, data: user };
|
return { success: true, data: user };
|
||||||
}
|
}
|
||||||
|
// TODO: Rename patchUser
|
||||||
async function editUser({ requester_id, user_id, user_content }) {
|
async function editUser({ requester_id, user_id, user_content }) {
|
||||||
let user = await getUser({ user_id: user_id });
|
let user = await getUser({ user_id: user_id });
|
||||||
if (!user.success) return _r(false, "User not found");
|
if (!user.success) return _r(false, "User not found");
|
||||||
|
@ -228,29 +230,24 @@ async function getPost({ requester_id, post_id, visibility = "PUBLISHED" } = {},
|
||||||
return pageList.slice(0, 5);
|
return pageList.slice(0, 5);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
// TODO: Rename patchPost
|
||||||
async function editPost({ requester_id, post_id, post_content }) {
|
async function editPost({ requester_id, post_id, post_content }) {
|
||||||
let user = await getUser({ user_id: requester_id });
|
let user = await getUser({ user_id: requester_id });
|
||||||
let post = await getPost({ post_id: post_id });
|
let post = await getPost({ post_id: post_id });
|
||||||
let publish_date = null;
|
|
||||||
|
|
||||||
if (!user.success) return _r(false, post.message || "User not found");
|
// Validate the post content
|
||||||
user = user.data;
|
let validated_post = validate.patchPost(post_content, user, post);
|
||||||
if (!post.success) return _r(false, post.message || "Post not found");
|
if (!validated_post.success) return _r(false, validated_post.message);
|
||||||
post = post.data;
|
|
||||||
|
|
||||||
// Check to see if the requester can update the post
|
user = validated_post.data.user;
|
||||||
// TODO: Permissions
|
post = validated_post.data.post;
|
||||||
let can_update = post.owner.id === user.id || user.role === "ADMIN";
|
validated_post = validated_post.data.post_formatted;
|
||||||
|
|
||||||
// FIXME: Unsure if this actually works
|
// Check if the user can preform the action
|
||||||
// Check if we already have a formatted publish date
|
const can_act = permissions.patchPost(post, user);
|
||||||
if (typeof post.publish_date !== "object") {
|
if (!can_act.success) return _r(false, can_act.message);
|
||||||
const [year, month, day] = post.date.split("-");
|
|
||||||
const [hour, minute] = post.time.split(":");
|
|
||||||
publish_date = new Date(year, month - 1, day, hour, minute);
|
|
||||||
}
|
|
||||||
|
|
||||||
// Handle tags ----
|
// Handle tags ----------
|
||||||
let database_tag_list = [];
|
let database_tag_list = [];
|
||||||
const existing_tags = post.tags?.map((tag) => ({ name: tag })) || [];
|
const existing_tags = post.tags?.map((tag) => ({ name: tag })) || [];
|
||||||
|
|
||||||
|
@ -266,12 +263,10 @@ async function editPost({ requester_id, post_id, post_content }) {
|
||||||
|
|
||||||
// Rebuild the post to save
|
// Rebuild the post to save
|
||||||
let post_formatted = {
|
let post_formatted = {
|
||||||
title: post_content.title,
|
...validated_post,
|
||||||
description: post_content.description,
|
// Handle tag changes
|
||||||
content: post_content.content,
|
|
||||||
visibility: post_content.visibility || "PRIVATE",
|
|
||||||
publish_date: publish_date || post_content.publish_date,
|
|
||||||
tags: { disconnect: [...existing_tags], connect: [...database_tag_list] },
|
tags: { disconnect: [...existing_tags], connect: [...database_tag_list] },
|
||||||
|
// Handle media changes
|
||||||
media: [...post.raw_media, ...post_content.media],
|
media: [...post.raw_media, ...post_content.media],
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -329,18 +324,22 @@ async function getBiography({ requester_id, author_id }) {
|
||||||
|
|
||||||
return { success: true, data: post };
|
return { success: true, data: post };
|
||||||
}
|
}
|
||||||
|
// TODO: Rename to patchBiography
|
||||||
async function updateBiography({ requester_id, author_id, biography_content }) {
|
async function updateBiography({ requester_id, author_id, biography_content }) {
|
||||||
let user = await getUser({ user_id: requester_id });
|
let user = await getUser({ user_id: requester_id });
|
||||||
let biography = await getBiography({ author_id: author_id });
|
let biography = await getBiography({ author_id: author_id });
|
||||||
|
|
||||||
if (!user.success) return _r(false, user.message || "Author not found");
|
// Validate post ----------
|
||||||
user = user.data;
|
let formatted_biography = validate.patchBiography(biography_content, user, biography);
|
||||||
|
if (!formatted_biography.success) return _r(false, formatted_biography.message);
|
||||||
|
|
||||||
if (!biography.success) return _r(false, biography.message || "Post not found");
|
user = formatted_biography.data.user;
|
||||||
biography = biography.data;
|
biography = formatted_biography.data.biography;
|
||||||
|
biography_content = formatted_biography.data.biography_content;
|
||||||
|
|
||||||
let can_update = biography.owner.id === user.id || user.role === "ADMIN";
|
// Permission check ----------
|
||||||
if (!can_update) return _r(false, "User not permitted");
|
const can_act = permissions.patchBiography(biography_content, user, biography);
|
||||||
|
if (!can_act.success) return _r(false, "User not permitted");
|
||||||
|
|
||||||
let formatted = {
|
let formatted = {
|
||||||
content: biography_content.content,
|
content: biography_content.content,
|
||||||
|
|
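Review bot: In `updateBiography`, the new permission call passes the wrong object: `permissions.patchBiography(biography_content, user, biography)` puts the submitted content first, while the function added in the permissions file is declared as `patchBiography(biography, user)` and compares `owner.id` on its first argument. As written, the ownership check reads `biography_content.owner.id` rather than the stored record's owner, so for a non-admin it either throws when `owner` is absent or decides on a value that appears to come from the request. The call should pass the stored record, `const can_act = permissions.patchBiography(biography, user);`, the same way `editPost` calls `permissions.patchPost(post, user)`. The body of `updateBiography` continues outside the hunk.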
|
@ -57,18 +57,7 @@ async function deleteBlog(req, res) {
|
||||||
return res.json(await core.deletePost({ post_id: req.body.id, requester_id: req.session.user.id }));
|
return res.json(await core.deletePost({ post_id: req.body.id, requester_id: req.session.user.id }));
|
||||||
}
|
}
|
||||||
async function patchBlog(req, res) {
|
async function patchBlog(req, res) {
|
||||||
// FIXME: validate does not return post id
|
return res.json(await core.editPost({ requester_id: req.session.user.id, post_id: req.body.id, post_content: req.body }));
|
||||||
// Can user change post?
|
|
||||||
// User is admin, or user is author
|
|
||||||
|
|
||||||
// Validate blog info
|
|
||||||
let valid = await validate.patchPost(req.body);
|
|
||||||
|
|
||||||
if (!valid.success) return { success: false, message: valid.message || "Post failed validation" };
|
|
||||||
valid = valid.data;
|
|
||||||
|
|
||||||
// TODO: Permissions for updating blog
|
|
||||||
return res.json(await core.editPost({ requester_id: req.session.user.id, post_id: req.body.id, post_content: valid }));
|
|
||||||
}
|
}
|
||||||
async function patchBiography(request, response) {
|
async function patchBiography(request, response) {
|
||||||
// TODO: Validate
|
// TODO: Validate
|
||||||
|
|
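Review bot: `patchBlog` now hands the whole request body to core as `post_content: req.body`, and nothing in this handler limits which fields travel with it. `editPost` spreads the validated result into the record it saves (`...validated_post`) and also reads `post_content.media` directly, so unless the autofill step in `validate.patchPost` (not visible here) drops unknown keys, any extra field in the body could reach the update. Build `post_content` from an explicit list of the fields the editor is meant to change (the visible code uses `title`, `description`, `content`, `visibility`, `date`, `time` and `media`) instead of passing `req.body` through. Also return a failure when `req.body.id` is missing before calling core.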
|
@ -19,11 +19,14 @@ function newUser({ username, password } = {}) {
|
||||||
return _r(true);
|
return _r(true);
|
||||||
}
|
}
|
||||||
|
|
||||||
function patchPost(post_content) {
|
function patchPost(post_content, user, post) {
|
||||||
let post_formatted = {}; // The formatted post content object that will be returned upon success
|
let post_formatted = {}; // The formatted post content object that will be returned upon success
|
||||||
let publish_date; // Time and date the post should be made public
|
let publish_date; // Time and date the post should be made public
|
||||||
let tags = []; // An array of tags for the post
|
let tags = []; // An array of tags for the post
|
||||||
|
|
||||||
|
if (!user.success) return _r(false, "User not found");
|
||||||
|
if (!post.success) return _r(false, "Post not found");
|
||||||
|
|
||||||
// Get the publish date in a standard format
|
// Get the publish date in a standard format
|
||||||
const [year, month, day] = post_content.date.split("-");
|
const [year, month, day] = post_content.date.split("-");
|
||||||
const [hour, minute] = post_content.time.split(":");
|
const [hour, minute] = post_content.time.split(":");
|
||||||
|
@ -41,6 +44,9 @@ function patchPost(post_content) {
|
||||||
if (tag.length !== 0) tags.push(tag);
|
if (tag.length !== 0) tags.push(tag);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
delete post_content.date;
|
||||||
|
delete post_content.time;
|
||||||
|
|
||||||
// Format the post content
|
// Format the post content
|
||||||
post_formatted = {
|
post_formatted = {
|
||||||
// Autofill the given data
|
// Autofill the given data
|
||||||
|
@ -53,7 +59,14 @@ function patchPost(post_content) {
|
||||||
publish_date: publish_date,
|
publish_date: publish_date,
|
||||||
};
|
};
|
||||||
|
|
||||||
return _r(true, null, post_formatted);
|
return _r(true, null, { post_formatted: post_formatted, user: user.data, post: post.data });
|
||||||
|
}
|
||||||
|
|
||||||
|
function patchBiography(biography_content, user, biography) {
|
||||||
|
if (!user.success) return _r(false, "User not found");
|
||||||
|
if (!biography.success) return _r(false, "Post not found");
|
||||||
|
|
||||||
|
return _r(true, null, { biography_content: biography_content, user: user.data, biography: biography.data });
|
||||||
}
|
}
|
||||||
|
|
||||||
// Helper functions --------------------
|
// Helper functions --------------------
|
||||||
|
@ -62,7 +75,7 @@ function _isUrlSafe(str) {
|
||||||
return pattern.test(str);
|
return pattern.test(str);
|
||||||
}
|
}
|
||||||
function _r(s, m, d) {
|
function _r(s, m, d) {
|
||||||
return { success: s, m: m ? m || "Unknown error" : undefined, data: d };
|
return { success: s, message: m ? m || "Unknown error" : undefined, data: d };
|
||||||
}
|
}
|
||||||
|
|
||||||
module.exports = { newUser, patchPost };
|
module.exports = { newUser, patchPost, patchBiography };
|
||||||
|
|
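Review bot: The new `patchBiography` validator checks only that the user and biography lookups succeeded and then returns `biography_content` unchanged, so a caller that treats `success` as "validated" stores whatever the request supplied. Check the one field the caller uses before returning, e.g. `if (typeof biography_content?.content !== "string") return _r(false, "Biography content is required");`, and return only that field rather than the whole object. The failed-lookup message `"Post not found"` should read `"Biography not found"`. Separately, in `_r` the inner `m || "Unknown error"` can never produce the fallback because it sits behind `m ?`; `message: m || (s ? undefined : "Unknown error")` would give failures without a message the intended text.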
|
@ -1,3 +1,26 @@
|
||||||
function postBlog(user) {}
|
//
|
||||||
|
// Permissions
|
||||||
|
//
|
||||||
|
// Check if a given user has permissions to preform an action
|
||||||
|
//
|
||||||
|
|
||||||
module.exports = { postBlog };
|
// Updating a blog post
|
||||||
|
function patchPost(post_content, user) {
|
||||||
|
// Admins can always update any post
|
||||||
|
if (user.role === "ADMIN") return _r(true);
|
||||||
|
|
||||||
|
// User owns the post
|
||||||
|
if (post_content.owner.id === user.id) return _r(true);
|
||||||
|
|
||||||
|
// User is not permitted
|
||||||
|
return _r(false, "User is not permitted to preform action.");
|
||||||
|
}
|
||||||
|
function patchBiography(biography, user) {
|
||||||
|
// Biographies are just fancy posts right now.
|
||||||
|
return patchPost(biography, user);
|
||||||
|
}
|
||||||
|
|
||||||
|
function _r(s, m, d) {
|
||||||
|
return { success: s, message: m ? m || "Unknown error" : undefined, data: d };
|
||||||
|
}
|
||||||
|
module.exports = { patchPost, patchBiography };
|
||||||
|
|
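Review bot: `patchPost(post_content, user)` decides ownership from `post_content.owner.id`, so it is only meaningful when the first argument is the stored record, yet the parameter name suggests the submitted content. Rename it to `post` and say so in a comment above the function, e.g. `// post must be the record loaded from storage, never request data`. A guard such as `if (!post?.owner || !user) return _r(false, "User is not permitted to preform action.");` would make a missing owner a clean denial instead of a TypeError. `_r` is now duplicated from the validation module; moving it to a shared helper would keep the two response shapes from drifting again.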
|
@ -7,6 +7,7 @@
|
||||||
"login": "/ejs/login.ejs",
|
"login": "/ejs/login.ejs",
|
||||||
"register": "/ejs/register.ejs",
|
"register": "/ejs/register.ejs",
|
||||||
"author": "/ejs/author.ejs",
|
"author": "/ejs/author.ejs",
|
||||||
|
"authorEdit": "/ejs/authorEdit.ejs",
|
||||||
"post": "/ejs/post.ejs",
|
"post": "/ejs/post.ejs",
|
||||||
"postSearch": "/ejs/postSearch.ejs",
|
"postSearch": "/ejs/postSearch.ejs",
|
||||||
"postNew": "/ejs/postNew.ejs",
|
"postNew": "/ejs/postNew.ejs",
|
||||||
|
|