mirror of
https://github.com/NodeBB/NodeBB.git
synced 2026-07-06 09:08:26 +02:00
Bootstrap5 (#10894)
* chore: up deps * chore: up composer * fix(deps): bump 2factor to v7 * chore: up harmony * chore: up harmony * fix: missing await * feat: allow middlewares to pass in template values via res.locals * feat: buildAccountData middleware automatically added ot all account routes * fix: properly allow values in res.locals.templateValues to be added to the template data * refactor: user/blocks * refactor(accounts): categories and consent * feat: automatically 404 if exposeUid or exposeGroupName come up empty * refactor: remove calls to getUserDataByUserSlug for most account routes, since it is populated via middleware now * fix: allow exposeUid and exposeGroupName to work with slugs with mixed capitalization * fix: move reputation removal check to accountHelpers method * test: skip i18n tests if ref branch when present is not develop * fix(deps): bump theme versions * fix(deps): bump ntfy and 2factor * chore: up harmony * fix: add missing return * fix: #11191, only focus on search input on md environments and up * feat: allow file uploads on mobile chat closes https://github.com/NodeBB/NodeBB/issues/11217 * chore: up themes * chore: add lang string * fix(deps): bump ntfy to 1.0.15 * refactor: use new if/each syntax * chore: up composer * fix: regression from user helper refactor * chore: up harmony * chore: up composer * chore: up harmony * chore: up harmony * chore: up harmony * chore: fix composer version * feat: add increment helper * chore: up harmony * fix: #11228 no timestamps in future ⌛ * chore: up harmony * check config.theme as well fire action:posts.loaded after processing dom * chore: up harmony * chore: up harmony * chore: up harmony * chore: up themes * chore: up harmony * remove extra class * refactor: move these to core from harmony * chore: up widgets * chore: up widgets * height auto * fix: closes #11238 * dont focus inputs, annoying on mobile * fix: dont focus twice, only focus on chat input on desktop dont wrap widget footer in row * chore: up harmony * chore: up harmony * update chat window * chore: up themes * fix cache buster for skins * chat fixes * chore: up harmony * chore: up composer * refactor: change hook logs to debug * fix: scroll to post right after adding to dom * fix: hash scrolling and highlighting correct post * test: re-enable read API schema tests * fix: add back schema changes for179faa2270andc3920ccb10* fix: schema changes from488f0978a4* fix: schema changes forf4cf482a87* fix: schema update forbe6bbabd0e* fix: schema changes for69c96078ea* fix: schema changes ford1364c3130* fix: schema changes for84ff1152f7* fix: schema changes forb860c2605c* fix: schema changes for23cb67a112* fix: schema changes forb916e42f40* fix: schema change fora9bbb586fc* fix: schema changes for4b738c8cd3* fix: schema changes for58b5781cea* fix: schema changes for794bf01b21* fix: schema changes for80ea12c1c1,e368feef51, and52ead114be* fix: composer-default object in config? * fix: schema changes for9acdc6808cand0930934200* fix: schema changes forc0a52924f1* fix: schema change foraba420a3f3, move loggedInUser to optional props * fix: schema changes for8c67031609* fix: schema changes for27e53b42f3* fix: schema changes for2835966518* fix: breaking test for email confirmation API call * fix: schema changes for refactored search page * fix: schema changes for user object * fix: schema changes for9f531f957e* fix: schema changes forc4042c70deand23175110a2* fix: schema changes for9b3616b103* fix: schema changes for5afd5de07d* fix: schema change for1d7baf1217* fix: schema changes for57bfb37c55andbe6bbabd0e* fix: schema changes for6e86b4afa2and3efad2e13band68f66223e7* fix: allowing optional qs prop in pagination keys (not sure why this didn't break before) * fix: re-login on email change * fix: schema changes forc926358d73* fix: schema changes for388a8270c9* fix: schema change for2658bcc821* fix: no need to call account middlewares for chats routes * fix: schema changes for71743affc3* fix: final schema changes * test: support for anyOf and oneOf * fix: check thumb * dont scroll to top on back press * remove group log * fix: add top margin to merged and deleted alerts * chore: up widgets * fix: improve fix-lists mixin * chore: up harmony/composer * feat: allow hiding quicksearch results during search * dont record searches made by composer * chore: up 54 * chore: up spam be gone * feat: add prev/next page and page count into mobile paginator * chore: up harmony * chore: up harmony * use old style for IS * fix: hide entire toolbar row if no posts or not singlePost * fix: updated messaging for post-queue template, #11206 * fix: btn-sm on post queue back button * fix: bump harmony, closes #11206 * fix: remove unused alert module import * fix: bump harmony * fix: bump harmony * chore: up harmony * refactor: IS scrolltop * fix: update users:search-user-for-chat source string * feat: support for mark-read toggle on chats dropdown and recent chats list * feat: api v3 calls to mark chat read/unread * feat: send event:chats.mark socket event on mark read or unread * refactor: allow frontend to mark chats as unread, use new API v3 routes instead of socket calls, better frontend event handling * docs: openapi schema updates for chat marking * fix: allow unread state toggling in chats dropdown too * fix: issue where repeated openings of the chats dropdown would continually add events for mark-read/unread * fix: debug log * refactor: move userSearch filter to a module * feat(routes): allow remounting /categories (#11230) * feat: send flags count to frontend on flags list page * refactor: filter form client-side js to extract out some logic * fix: applyFilters to not take any arguments, update selectedCids in updateButton instead of onHidden * fix: use userFilter module for assignee, reporterId, targetUid * fix(openapi): schema changes for updated flags page * fix: dont allow adding duplicates to userFilter * use same var * remove log * fix: closes #11282 * feat: lang key for x-topics * chore: up harmony * chore: up emoji * chore: up harmony * fix: update userFilter to allow new option `selectedBlock` * fix: wrong block name passed to userFilter * fix: https://github.com/NodeBB/NodeBB/issues/11283 * fix: chats, allow multiple dropdowns like in harmony * chore: up harmony * refactor: flag note adding/editing, closes #11285 * fix: remove old prepareEdit logic * chore: add caveat about hacky code block in userFilter module * fix: placeholders for userFilter module * refactor: navigator so it works with multiple thumbs/navigators * chore: up harmony * fix: closes #11287, destroy quick reply autocomplete on navigation * fix: filter disabled categories on user categories page count * chore: up harmony * docs: update openapi spec to include info about passing in timestamps for topic creation, removing timestamp as valid request param for topic replying * fix: send back null values on ACP search dashboard for startDate and endDate if not expicitly passed in, fix tests * fix: tweak table order in ACP dash searches * fix: only invoke navigator click drag on left mouse button * feat: add back unread indicator to navigator * clear bookmark on mark unread * fix: navigator crash on ajaxify * better thumb top calculation * fix: reset user bookmark when topic is marked unread * Revert "fix: reset user bookmark when topic is marked unread" This reverts commit9bcd85c2c6. * fix: update unread indicator on scroll, add unread count * chore: bump harmony * fix: crash on navigator unread update when backing out of a topic * fix: closes #11183 * fix: update topics:recent zset when rescheduling a topic * fix: dupe quote button, increase delay, hide immediately on empty selection * fix: navigator not showing up on first load * refactor: remove glance assorted fixes to navigator dont reduce remaning count if user scrolls down and up quickly only call topic.navigatorCallback when index changes * more sanity checks for bookmark dont allow setting bookmark higher than topic postcount * closes #11218, 🚋 * Revert "fix: update topics:recent zset when rescheduling a topic" This reverts commit737973cca9. * fix: #11306, show proper error if queued post doesn't exist was showing no-privileges if someone else accepted the post * https://github.com/NodeBB/NodeBB/issues/11307 dont use li * chore: up harmony * chore: bump version string * fix: copy paste fail * feat: closes #7382, tag filtering add client side support for filtering by tags on /category, /recent and /unread * chore: up harmony * chore: up harmony * Revert "fix: add back req.query fallback for backwards compatibility" [breaking] This reverts commitcf6cc2c454. This commit is no longer required as passing in a CSRF token via query parameter is no longer supported as of NodeBB v3.x This is a breaking change. * fix: pass csrf token in form data, re: NodeBB/NodeBB#11309 * chore: up deps * fix: tests, use x-csrf-token query param removed * test: fix csrf_token * lint: remove unused * feat: add itemprop="image" to avatar helper * fix: get chat upload button in chat modal * breaking: remove deprecated socket.io methods * test: update messaging tests to not use sockets * fix: parent post links * fix: prevent post tooltip if mouse leaves before data/tpl is loaded * chore: up harmony * chore: up harmony * chore: up harmony * chore: up harmony * fix: nested replies indices * fix(deps): bump 2factor * feat: add loggedIn user to all api routes * chore: up themes * refactor: audit admin v3 write api routes as per #11321 * refactor: audit category v3 write api routes as per #11321 [breaking] docs: fix open api spec for #11321 * refactor: audit chat v3 write api routes as per #11321 * refactor: audit files v3 write api routes as per #11321 * refactor: audit flags v3 write api routes as per #11321 * refactor: audit posts v3 write api routes as per #11321 * refactor: audit topics v3 write api routes as per #11321 * refactor: audit users v3 write api routes as per #11321 * fix: lang string * remove min height * fix: empty topic/labels taking up space * fix: tag filtering when changing filter to watched topics or changing popular time limit to month * chore: up harmony * fix: closes #11354, show no post error if queued post already accepted/rejected * test: #11354 * test: #11354 * fix(deps): bump 2factor * fix: #11357 clear cache on thumb remove * fix: thumb remove on windows, closes #11357 * test: openapi for thumbs * test: fix openapi --------- Co-authored-by: Julian Lam <julian@nodebb.org> Co-authored-by: Opliko <opliko.reg@protonmail.com>
This commit is contained in:
committed by
GitHub
parent
1e7f32b1c4
commit
7ba70d1561
36
src/api/admin.js
Normal file
36
src/api/admin.js
Normal file
@@ -0,0 +1,36 @@
|
||||
'use strict';
|
||||
|
||||
const meta = require('../meta');
|
||||
const analytics = require('../analytics');
|
||||
const privileges = require('../privileges');
|
||||
|
||||
const adminApi = module.exports;
|
||||
|
||||
adminApi.updateSetting = async (caller, { setting, value }) => {
|
||||
const ok = await privileges.admin.can('admin:settings', caller.uid);
|
||||
if (!ok) {
|
||||
throw new Error('[[error:no-privileges]]');
|
||||
}
|
||||
|
||||
await meta.configs.set(setting, value);
|
||||
};
|
||||
|
||||
adminApi.getAnalyticsKeys = async () => {
|
||||
const keys = await analytics.getKeys();
|
||||
|
||||
// Sort keys alphabetically
|
||||
return keys.sort((a, b) => (a < b ? -1 : 1));
|
||||
};
|
||||
|
||||
adminApi.getAnalyticsData = async (caller, { set, until, amount, units }) => {
|
||||
// Default returns views from past 24 hours, by hour
|
||||
if (!amount) {
|
||||
if (units === 'days') {
|
||||
amount = 30;
|
||||
} else {
|
||||
amount = 24;
|
||||
}
|
||||
}
|
||||
const getStats = units === 'days' ? analytics.getDailyStatsForSet : analytics.getHourlyStatsForSet;
|
||||
return await getStats(`analytics:${set}`, parseInt(until, 10) || Date.now(), amount);
|
||||
};
|
||||
@@ -8,6 +8,13 @@ const privileges = require('../privileges');
|
||||
|
||||
const categoriesAPI = module.exports;
|
||||
|
||||
const hasAdminPrivilege = async (uid, privilege = 'categories') => {
|
||||
const ok = await privileges.admin.can(`admin:${privilege}`, uid);
|
||||
if (!ok) {
|
||||
throw new Error('[[error:no-privileges]]');
|
||||
}
|
||||
};
|
||||
|
||||
categoriesAPI.get = async function (caller, data) {
|
||||
const [userPrivileges, category] = await Promise.all([
|
||||
privileges.categories.get(data.cid, caller.uid),
|
||||
@@ -21,31 +28,42 @@ categoriesAPI.get = async function (caller, data) {
|
||||
};
|
||||
|
||||
categoriesAPI.create = async function (caller, data) {
|
||||
await hasAdminPrivilege(caller.uid);
|
||||
|
||||
const response = await categories.create(data);
|
||||
const categoryObjs = await categories.getCategories([response.cid], caller.uid);
|
||||
return categoryObjs[0];
|
||||
};
|
||||
|
||||
categoriesAPI.update = async function (caller, data) {
|
||||
await hasAdminPrivilege(caller.uid);
|
||||
if (!data) {
|
||||
throw new Error('[[error:invalid-data]]');
|
||||
}
|
||||
await categories.update(data);
|
||||
const { cid, values } = data;
|
||||
|
||||
const payload = {};
|
||||
payload[cid] = values;
|
||||
await categories.update(payload);
|
||||
};
|
||||
|
||||
categoriesAPI.delete = async function (caller, data) {
|
||||
const name = await categories.getCategoryField(data.cid, 'name');
|
||||
await categories.purge(data.cid, caller.uid);
|
||||
categoriesAPI.delete = async function (caller, { cid }) {
|
||||
await hasAdminPrivilege(caller.uid);
|
||||
|
||||
const name = await categories.getCategoryField(cid, 'name');
|
||||
await categories.purge(cid, caller.uid);
|
||||
await events.log({
|
||||
type: 'category-purge',
|
||||
uid: caller.uid,
|
||||
ip: caller.ip,
|
||||
cid: data.cid,
|
||||
cid: cid,
|
||||
name: name,
|
||||
});
|
||||
};
|
||||
|
||||
categoriesAPI.getPrivileges = async (caller, cid) => {
|
||||
categoriesAPI.getPrivileges = async (caller, { cid }) => {
|
||||
await hasAdminPrivilege(caller.uid, 'privileges');
|
||||
|
||||
let responsePayload;
|
||||
|
||||
if (cid === 'admin') {
|
||||
@@ -60,6 +78,8 @@ categoriesAPI.getPrivileges = async (caller, cid) => {
|
||||
};
|
||||
|
||||
categoriesAPI.setPrivilege = async (caller, data) => {
|
||||
await hasAdminPrivilege(caller.uid, 'privileges');
|
||||
|
||||
const [userExists, groupExists] = await Promise.all([
|
||||
user.exists(data.member),
|
||||
groups.exists(data.member),
|
||||
@@ -100,3 +120,10 @@ categoriesAPI.setPrivilege = async (caller, data) => {
|
||||
target: data.member,
|
||||
});
|
||||
};
|
||||
|
||||
categoriesAPI.setModerator = async (caller, { cid, member, set }) => {
|
||||
await hasAdminPrivilege(caller.uid, 'admins-mods');
|
||||
|
||||
const privilegeList = await privileges.categories.getUserPrivilegeList();
|
||||
await categoriesAPI.setPrivilege(caller, { cid, privilege: privilegeList, member, set });
|
||||
};
|
||||
|
||||
102
src/api/chats.js
102
src/api/chats.js
@@ -5,9 +5,10 @@ const validator = require('validator');
|
||||
const user = require('../user');
|
||||
const meta = require('../meta');
|
||||
const messaging = require('../messaging');
|
||||
const notifications = require('../notifications');
|
||||
const plugins = require('../plugins');
|
||||
const privileges = require('../privileges');
|
||||
|
||||
// const websockets = require('../socket.io');
|
||||
const socketHelpers = require('../socket.io/helpers');
|
||||
|
||||
const chatsAPI = module.exports;
|
||||
@@ -23,11 +24,21 @@ function rateLimitExceeded(caller) {
|
||||
return false;
|
||||
}
|
||||
|
||||
chatsAPI.list = async (caller, { page, perPage }) => {
|
||||
const start = Math.max(0, page - 1) * perPage;
|
||||
const stop = start + perPage;
|
||||
const { rooms } = await messaging.getRecentChats(caller.uid, caller.uid, start, stop);
|
||||
|
||||
return { rooms };
|
||||
};
|
||||
|
||||
chatsAPI.create = async function (caller, data) {
|
||||
if (rateLimitExceeded(caller)) {
|
||||
throw new Error('[[error:too-many-messages]]');
|
||||
}
|
||||
|
||||
if (!data) {
|
||||
throw new Error('[[error:invalid-data]]');
|
||||
}
|
||||
if (!data.uids || !Array.isArray(data.uids)) {
|
||||
throw new Error(`[[error:wrong-parameter-type, uids, ${typeof data.uids}, Array]]`);
|
||||
}
|
||||
@@ -38,10 +49,15 @@ chatsAPI.create = async function (caller, data) {
|
||||
return await messaging.getRoomData(roomId);
|
||||
};
|
||||
|
||||
chatsAPI.get = async (caller, { uid, roomId }) => await messaging.loadRoom(caller.uid, { uid, roomId });
|
||||
|
||||
chatsAPI.post = async (caller, data) => {
|
||||
if (rateLimitExceeded(caller)) {
|
||||
throw new Error('[[error:too-many-messages]]');
|
||||
}
|
||||
if (!data || !data.roomId || !caller.uid) {
|
||||
throw new Error('[[error:invalid-data]]');
|
||||
}
|
||||
|
||||
({ data } = await plugins.hooks.fire('filter:messaging.send', {
|
||||
data,
|
||||
@@ -63,6 +79,9 @@ chatsAPI.post = async (caller, data) => {
|
||||
};
|
||||
|
||||
chatsAPI.rename = async (caller, data) => {
|
||||
if (!data || !data.roomId || !data.name) {
|
||||
throw new Error('[[error:invalid-data]]');
|
||||
}
|
||||
await messaging.renameRoom(caller.uid, data.roomId, data.name);
|
||||
const uids = await messaging.getUidsInRoom(data.roomId, 0, -1);
|
||||
const eventData = { roomId: data.roomId, newName: validator.escape(String(data.name)) };
|
||||
@@ -73,11 +92,45 @@ chatsAPI.rename = async (caller, data) => {
|
||||
});
|
||||
};
|
||||
|
||||
chatsAPI.mark = async (caller, data) => {
|
||||
if (!caller.uid || !data || !data.roomId) {
|
||||
throw new Error('[[error:invalid-data]]');
|
||||
}
|
||||
const { roomId, state } = data;
|
||||
if (state) {
|
||||
await messaging.markUnread([caller.uid], roomId);
|
||||
} else {
|
||||
await messaging.markRead(caller.uid, roomId);
|
||||
socketHelpers.emitToUids('event:chats.markedAsRead', { roomId: roomId }, [caller.uid]);
|
||||
|
||||
const uidsInRoom = await messaging.getUidsInRoom(roomId, 0, -1);
|
||||
if (!uidsInRoom.includes(String(caller.uid))) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Mark notification read
|
||||
const nids = uidsInRoom.filter(uid => parseInt(uid, 10) !== caller.uid)
|
||||
.map(uid => `chat_${uid}_${roomId}`);
|
||||
|
||||
await notifications.markReadMultiple(nids, caller.uid);
|
||||
await user.notifications.pushCount(caller.uid);
|
||||
}
|
||||
|
||||
socketHelpers.emitToUids('event:chats.mark', { roomId, state }, [caller.uid]);
|
||||
messaging.pushUnreadCount(caller.uid);
|
||||
|
||||
return messaging.loadRoom(caller.uid, { roomId });
|
||||
};
|
||||
|
||||
chatsAPI.users = async (caller, data) => {
|
||||
const [isOwner, users] = await Promise.all([
|
||||
const [isOwner, isUserInRoom, users] = await Promise.all([
|
||||
messaging.isRoomOwner(caller.uid, data.roomId),
|
||||
messaging.isUserInRoom(caller.uid, data.roomId),
|
||||
messaging.getUsersInRoom(data.roomId, 0, -1),
|
||||
]);
|
||||
if (!isUserInRoom) {
|
||||
throw new Error('[[error:no-privileges]]');
|
||||
}
|
||||
users.forEach((user) => {
|
||||
user.canKick = (parseInt(user.uid, 10) !== parseInt(caller.uid, 10)) && isOwner;
|
||||
});
|
||||
@@ -85,6 +138,14 @@ chatsAPI.users = async (caller, data) => {
|
||||
};
|
||||
|
||||
chatsAPI.invite = async (caller, data) => {
|
||||
const canChat = await privileges.global.can('chat', caller.uid);
|
||||
if (!canChat) {
|
||||
throw new Error('[[error:no-privileges]]');
|
||||
}
|
||||
if (!data || !data.roomId) {
|
||||
throw new Error('[[error:invalid-data]]');
|
||||
}
|
||||
|
||||
const userCount = await messaging.getUserCountInRoom(data.roomId);
|
||||
const maxUsers = meta.config.maximumUsersInChatRoom;
|
||||
if (maxUsers && userCount >= maxUsers) {
|
||||
@@ -103,6 +164,9 @@ chatsAPI.invite = async (caller, data) => {
|
||||
};
|
||||
|
||||
chatsAPI.kick = async (caller, data) => {
|
||||
if (!data || !data.roomId) {
|
||||
throw new Error('[[error:invalid-data]]');
|
||||
}
|
||||
const uidsExist = await user.exists(data.uids);
|
||||
if (!uidsExist.every(Boolean)) {
|
||||
throw new Error('[[error:no-user]]');
|
||||
@@ -118,3 +182,35 @@ chatsAPI.kick = async (caller, data) => {
|
||||
delete data.uids;
|
||||
return chatsAPI.users(caller, data);
|
||||
};
|
||||
|
||||
chatsAPI.listMessages = async (caller, { uid, roomId, start }) => {
|
||||
const messages = await messaging.getMessages({
|
||||
callerUid: caller.uid,
|
||||
uid,
|
||||
roomId,
|
||||
start,
|
||||
count: 50,
|
||||
});
|
||||
|
||||
return { messages };
|
||||
};
|
||||
|
||||
chatsAPI.getMessage = async (caller, { mid, roomId }) => {
|
||||
const messages = await messaging.getMessagesData([mid], caller.uid, roomId, false);
|
||||
return messages.pop();
|
||||
};
|
||||
|
||||
chatsAPI.editMessage = async (caller, { mid, roomId, message }) => {
|
||||
await messaging.canEdit(mid, caller.uid);
|
||||
await messaging.editMessage(caller.uid, mid, roomId, message);
|
||||
};
|
||||
|
||||
chatsAPI.deleteMessage = async (caller, { mid }) => {
|
||||
await messaging.canDelete(mid, caller.uid);
|
||||
await messaging.deleteMessage(mid, caller.uid);
|
||||
};
|
||||
|
||||
chatsAPI.restoreMessage = async (caller, { mid }) => {
|
||||
await messaging.canDelete(mid, caller.uid);
|
||||
await messaging.restoreMessage(mid, caller.uid);
|
||||
};
|
||||
|
||||
11
src/api/files.js
Normal file
11
src/api/files.js
Normal file
@@ -0,0 +1,11 @@
|
||||
'use strict';
|
||||
|
||||
const fs = require('fs').promises;
|
||||
|
||||
const filesApi = module.exports;
|
||||
|
||||
// path assertion and traversal guarding logic is in src/middleware/assert.js
|
||||
|
||||
filesApi.delete = async (_, { path }) => await fs.unlink(path);
|
||||
|
||||
filesApi.createFolder = async (_, { path }) => await fs.mkdir(path);
|
||||
@@ -25,6 +25,15 @@ flagsApi.create = async (caller, data) => {
|
||||
return flagObj;
|
||||
};
|
||||
|
||||
flagsApi.get = async (caller, { flagId }) => {
|
||||
const isPrivileged = await user.isPrivileged(caller.uid);
|
||||
if (!isPrivileged) {
|
||||
throw new Error('[[error:no-privileges]]');
|
||||
}
|
||||
|
||||
return await flags.get(flagId);
|
||||
};
|
||||
|
||||
flagsApi.update = async (caller, data) => {
|
||||
const allowed = await user.isPrivileged(caller.uid);
|
||||
if (!allowed) {
|
||||
@@ -38,6 +47,8 @@ flagsApi.update = async (caller, data) => {
|
||||
return await flags.getHistory(flagId);
|
||||
};
|
||||
|
||||
flagsApi.delete = async (_, { flagId }) => await flags.purge([flagId]);
|
||||
|
||||
flagsApi.appendNote = async (caller, data) => {
|
||||
const allowed = await user.isPrivileged(caller.uid);
|
||||
if (!allowed) {
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
'use strict';
|
||||
|
||||
module.exports = {
|
||||
admin: require('./admin'),
|
||||
users: require('./users'),
|
||||
groups: require('./groups'),
|
||||
topics: require('./topics'),
|
||||
@@ -8,4 +9,5 @@ module.exports = {
|
||||
chats: require('./chats'),
|
||||
categories: require('./categories'),
|
||||
flags: require('./flags'),
|
||||
files: require('./files'),
|
||||
};
|
||||
|
||||
@@ -333,3 +333,17 @@ postsAPI.restoreDiff = async (caller, data) => {
|
||||
const edit = await posts.diffs.restore(data.pid, data.since, caller.uid, apiHelpers.buildReqObject(caller));
|
||||
websockets.in(`topic_${edit.topic.tid}`).emit('event:post_edited', edit);
|
||||
};
|
||||
|
||||
postsAPI.deleteDiff = async (caller, { pid, timestamp }) => {
|
||||
const cid = await posts.getCidByPid(pid);
|
||||
const [isAdmin, isModerator] = await Promise.all([
|
||||
privileges.users.isAdministrator(caller.uid),
|
||||
privileges.users.isModerator(caller.uid, cid),
|
||||
]);
|
||||
|
||||
if (!(isAdmin || isModerator)) {
|
||||
throw new Error('[[error:no-privileges]]');
|
||||
}
|
||||
|
||||
await posts.diffs.delete(pid, timestamp, caller.uid);
|
||||
};
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
'use strict';
|
||||
|
||||
const validator = require('validator');
|
||||
|
||||
const user = require('../user');
|
||||
const topics = require('../topics');
|
||||
const posts = require('../posts');
|
||||
@@ -15,6 +17,22 @@ const socketHelpers = require('../socket.io/helpers');
|
||||
|
||||
const topicsAPI = module.exports;
|
||||
|
||||
topicsAPI._checkThumbPrivileges = async function ({ tid, uid }) {
|
||||
// req.params.tid could be either a tid (pushing a new thumb to an existing topic)
|
||||
// or a post UUID (a new topic being composed)
|
||||
const isUUID = validator.isUUID(tid);
|
||||
|
||||
// Sanity-check the tid if it's strictly not a uuid
|
||||
if (!isUUID && (isNaN(parseInt(tid, 10)) || !await topics.exists(tid))) {
|
||||
throw new Error('[[error:no-topic]]');
|
||||
}
|
||||
|
||||
// While drafts are not protected, tids are
|
||||
if (!isUUID && !await privileges.topics.canEdit(tid, uid)) {
|
||||
throw new Error('[[error:no-privileges]]');
|
||||
}
|
||||
};
|
||||
|
||||
topicsAPI.get = async function (caller, data) {
|
||||
const [userPrivileges, topic] = await Promise.all([
|
||||
privileges.topics.get(data.tid, caller.uid),
|
||||
@@ -117,10 +135,12 @@ topicsAPI.purge = async function (caller, data) {
|
||||
});
|
||||
};
|
||||
|
||||
topicsAPI.pin = async function (caller, data) {
|
||||
await doTopicAction('pin', 'event:topic_pinned', caller, {
|
||||
tids: data.tids,
|
||||
});
|
||||
topicsAPI.pin = async function (caller, { tids, expiry }) {
|
||||
await doTopicAction('pin', 'event:topic_pinned', caller, { tids });
|
||||
|
||||
if (expiry) {
|
||||
await Promise.all(tids.map(async tid => topics.tools.setPinExpiry(tid, expiry, caller.uid)));
|
||||
}
|
||||
};
|
||||
|
||||
topicsAPI.unpin = async function (caller, data) {
|
||||
@@ -152,3 +172,87 @@ topicsAPI.ignore = async function (caller, data) {
|
||||
topicsAPI.unfollow = async function (caller, data) {
|
||||
await topics.unfollow(data.tid, caller.uid);
|
||||
};
|
||||
|
||||
topicsAPI.addTags = async (caller, { tid, tags }) => {
|
||||
if (!await privileges.topics.canEdit(tid, caller.uid)) {
|
||||
throw new Error('[[error:no-privileges]]');
|
||||
}
|
||||
|
||||
const cid = await topics.getTopicField(tid, 'cid');
|
||||
await topics.validateTags(tags, cid, caller.uid, tid);
|
||||
tags = await topics.filterTags(tags);
|
||||
|
||||
await topics.addTags(tags, [tid]);
|
||||
};
|
||||
|
||||
topicsAPI.deleteTags = async (caller, { tid }) => {
|
||||
if (!await privileges.topics.canEdit(tid, caller.uid)) {
|
||||
throw new Error('[[error:no-privileges]]');
|
||||
}
|
||||
|
||||
await topics.deleteTopicTags(tid);
|
||||
};
|
||||
|
||||
topicsAPI.getThumbs = async (caller, { tid }) => {
|
||||
if (isFinite(tid)) { // post_uuids can be passed in occasionally, in that case no checks are necessary
|
||||
const [exists, canRead] = await Promise.all([
|
||||
topics.exists(tid),
|
||||
privileges.topics.can('topics:read', tid, caller.uid),
|
||||
]);
|
||||
if (!exists) {
|
||||
throw new Error('[[error:not-found]]');
|
||||
}
|
||||
if (!canRead) {
|
||||
throw new Error('[[error:not-allowed]]');
|
||||
}
|
||||
}
|
||||
|
||||
return await topics.thumbs.get(tid);
|
||||
};
|
||||
|
||||
// topicsAPI.addThumb
|
||||
|
||||
topicsAPI.migrateThumbs = async (caller, { from, to }) => {
|
||||
await Promise.all([
|
||||
topicsAPI._checkThumbPrivileges({ tid: from, uid: caller.uid }),
|
||||
topicsAPI._checkThumbPrivileges({ tid: to, uid: caller.uid }),
|
||||
]);
|
||||
|
||||
await topics.thumbs.migrate(from, to);
|
||||
};
|
||||
|
||||
topicsAPI.deleteThumb = async (caller, { tid, path }) => {
|
||||
await topicsAPI._checkThumbPrivileges({ tid: tid, uid: caller.uid });
|
||||
await topics.thumbs.delete(tid, path);
|
||||
};
|
||||
|
||||
topicsAPI.reorderThumbs = async (caller, { tid, path, order }) => {
|
||||
await topicsAPI._checkThumbPrivileges({ tid: tid, uid: caller.uid });
|
||||
|
||||
const exists = await topics.thumbs.exists(tid, path);
|
||||
if (!exists) {
|
||||
throw new Error('[[error:invalid-data]]');
|
||||
}
|
||||
|
||||
await topics.thumbs.associate({
|
||||
id: tid,
|
||||
path: path,
|
||||
score: order,
|
||||
});
|
||||
};
|
||||
|
||||
topicsAPI.getEvents = async (caller, { tid }) => {
|
||||
if (!await privileges.topics.can('topics:read', tid, caller.uid)) {
|
||||
throw new Error('[[error:no-privileges]]');
|
||||
}
|
||||
|
||||
return await topics.events.get(tid, caller.uid);
|
||||
};
|
||||
|
||||
topicsAPI.deleteEvent = async (caller, { tid, eventId }) => {
|
||||
if (!await privileges.topics.isAdminOrMod(tid, caller.uid)) {
|
||||
throw new Error('[[error:no-privileges]]');
|
||||
}
|
||||
|
||||
await topics.events.purge(tid, [eventId]);
|
||||
};
|
||||
|
||||
239
src/api/users.js
239
src/api/users.js
@@ -1,5 +1,9 @@
|
||||
'use strict';
|
||||
|
||||
const util = require('util');
|
||||
const path = require('path');
|
||||
const fs = require('fs').promises;
|
||||
|
||||
const validator = require('validator');
|
||||
const winston = require('winston');
|
||||
|
||||
@@ -14,17 +18,32 @@ const plugins = require('../plugins');
|
||||
const events = require('../events');
|
||||
const translator = require('../translator');
|
||||
const sockets = require('../socket.io');
|
||||
const utils = require('../utils');
|
||||
|
||||
const usersAPI = module.exports;
|
||||
|
||||
const hasAdminPrivilege = async (uid, privilege) => {
|
||||
const ok = await privileges.admin.can(`admin:${privilege}`, uid);
|
||||
if (!ok) {
|
||||
throw new Error('[[error:no-privileges]]');
|
||||
}
|
||||
};
|
||||
|
||||
usersAPI.create = async function (caller, data) {
|
||||
if (!data) {
|
||||
throw new Error('[[error:invalid-data]]');
|
||||
}
|
||||
await hasAdminPrivilege(caller.uid, 'users');
|
||||
|
||||
const uid = await user.create(data);
|
||||
return await user.getUserData(uid);
|
||||
};
|
||||
|
||||
usersAPI.get = async (caller, { uid }) => {
|
||||
const userData = await user.getUserData(uid);
|
||||
return await user.hidePrivateData(userData, caller.uid);
|
||||
};
|
||||
|
||||
usersAPI.update = async function (caller, data) {
|
||||
if (!caller.uid) {
|
||||
throw new Error('[[error:invalid-uid]]');
|
||||
@@ -90,6 +109,8 @@ usersAPI.deleteAccount = async function (caller, { uid, password }) {
|
||||
};
|
||||
|
||||
usersAPI.deleteMany = async function (caller, data) {
|
||||
await hasAdminPrivilege(caller.uid, 'users');
|
||||
|
||||
if (await canDeleteUids(data.uids)) {
|
||||
await Promise.all(data.uids.map(uid => processDeletion({ uid, method: 'delete', caller })));
|
||||
}
|
||||
@@ -286,6 +307,188 @@ usersAPI.unmute = async function (caller, data) {
|
||||
});
|
||||
};
|
||||
|
||||
usersAPI.generateToken = async (caller, { uid, description }) => {
|
||||
await hasAdminPrivilege(caller.uid, 'settings');
|
||||
if (parseInt(uid, 10) !== parseInt(caller.uid, 10)) {
|
||||
throw new Error('[[error:invalid-uid]]');
|
||||
}
|
||||
|
||||
const settings = await meta.settings.get('core.api');
|
||||
settings.tokens = settings.tokens || [];
|
||||
|
||||
const newToken = {
|
||||
token: utils.generateUUID(),
|
||||
uid: caller.uid,
|
||||
description: description || '',
|
||||
timestamp: Date.now(),
|
||||
};
|
||||
settings.tokens.push(newToken);
|
||||
await meta.settings.set('core.api', settings);
|
||||
|
||||
return newToken;
|
||||
};
|
||||
|
||||
usersAPI.deleteToken = async (caller, { uid, token }) => {
|
||||
await hasAdminPrivilege(caller.uid, 'settings');
|
||||
if (parseInt(uid, 10) !== parseInt(caller.uid, 10)) {
|
||||
throw new Error('[[error:invalid-uid]]');
|
||||
}
|
||||
|
||||
const settings = await meta.settings.get('core.api');
|
||||
const beforeLen = settings.tokens.length;
|
||||
settings.tokens = settings.tokens.filter(tokenObj => tokenObj.token !== token);
|
||||
if (beforeLen !== settings.tokens.length) {
|
||||
await meta.settings.set('core.api', settings);
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
};
|
||||
|
||||
const getSessionAsync = util.promisify((sid, callback) => {
|
||||
db.sessionStore.get(sid, (err, sessionObj) => callback(err, sessionObj || null));
|
||||
});
|
||||
|
||||
usersAPI.revokeSession = async (caller, { uid, uuid }) => {
|
||||
// Only admins or global mods (besides the user themselves) can revoke sessions
|
||||
if (parseInt(uid, 10) !== caller.uid && !await user.isAdminOrGlobalMod(caller.uid)) {
|
||||
throw new Error('[[error:invalid-uid]]');
|
||||
}
|
||||
|
||||
const sids = await db.getSortedSetRange(`uid:${uid}:sessions`, 0, -1);
|
||||
let _id;
|
||||
for (const sid of sids) {
|
||||
/* eslint-disable no-await-in-loop */
|
||||
const sessionObj = await getSessionAsync(sid);
|
||||
if (sessionObj && sessionObj.meta && sessionObj.meta.uuid === uuid) {
|
||||
_id = sid;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (!_id) {
|
||||
throw new Error('[[error:no-session-found]]');
|
||||
}
|
||||
|
||||
await user.auth.revokeSession(_id, uid);
|
||||
};
|
||||
|
||||
usersAPI.invite = async (caller, { emails, groupsToJoin, uid }) => {
|
||||
if (!emails || !Array.isArray(groupsToJoin)) {
|
||||
throw new Error('[[error:invalid-data]]');
|
||||
}
|
||||
|
||||
// For simplicity, this API route is restricted to self-use only. This can change if needed.
|
||||
if (parseInt(caller.uid, 10) !== parseInt(uid, 10)) {
|
||||
throw new Error('[[error:no-privileges]]');
|
||||
}
|
||||
|
||||
const canInvite = await privileges.users.hasInvitePrivilege(caller.uid);
|
||||
if (!canInvite) {
|
||||
throw new Error('[[error:no-privileges]]');
|
||||
}
|
||||
|
||||
const { registrationType } = meta.config;
|
||||
const isAdmin = await user.isAdministrator(caller.uid);
|
||||
if (registrationType === 'admin-invite-only' && !isAdmin) {
|
||||
throw new Error('[[error:no-privileges]]');
|
||||
}
|
||||
|
||||
const inviteGroups = (await groups.getUserInviteGroups(caller.uid)).map(group => group.name);
|
||||
const cannotInvite = groupsToJoin.some(group => !inviteGroups.includes(group));
|
||||
if (groupsToJoin.length > 0 && cannotInvite) {
|
||||
throw new Error('[[error:no-privileges]]');
|
||||
}
|
||||
|
||||
const max = meta.config.maximumInvites;
|
||||
const emailsArr = emails.split(',').map(email => email.trim()).filter(Boolean);
|
||||
|
||||
for (const email of emailsArr) {
|
||||
/* eslint-disable no-await-in-loop */
|
||||
let invites = 0;
|
||||
if (max) {
|
||||
invites = await user.getInvitesNumber(caller.uid);
|
||||
}
|
||||
if (!isAdmin && max && invites >= max) {
|
||||
throw new Error(`[[error:invite-maximum-met, ${invites}, ${max}]]`);
|
||||
}
|
||||
|
||||
await user.sendInvitationEmail(caller.uid, email, groupsToJoin);
|
||||
}
|
||||
};
|
||||
|
||||
usersAPI.getInviteGroups = async (caller, { uid }) => {
|
||||
// For simplicity, this API route is restricted to self-use only. This can change if needed.
|
||||
if (parseInt(uid, 10) !== parseInt(caller.uid, 10)) {
|
||||
throw new Error('[[error:no-privileges]]');
|
||||
}
|
||||
|
||||
const userInviteGroups = await groups.getUserInviteGroups(uid);
|
||||
return userInviteGroups.map(group => group.displayName);
|
||||
};
|
||||
|
||||
usersAPI.addEmail = async (caller, { email, skipConfirmation, uid }) => {
|
||||
const canManageUsers = await privileges.admin.can('admin:users', caller.uid);
|
||||
skipConfirmation = canManageUsers && skipConfirmation;
|
||||
|
||||
if (skipConfirmation) {
|
||||
await user.setUserField(uid, 'email', email);
|
||||
await user.email.confirmByUid(uid);
|
||||
} else {
|
||||
await usersAPI.update(caller, { uid, email });
|
||||
}
|
||||
|
||||
return await db.getSortedSetRangeByScore('email:uid', 0, 500, uid, uid);
|
||||
};
|
||||
|
||||
usersAPI.listEmails = async (caller, { uid }) => {
|
||||
const [isPrivileged, { showemail }] = await Promise.all([
|
||||
user.isPrivileged(caller.uid),
|
||||
user.getSettings(uid),
|
||||
]);
|
||||
const isSelf = caller.uid === parseInt(uid, 10);
|
||||
|
||||
if (isSelf || isPrivileged || showemail) {
|
||||
return await db.getSortedSetRangeByScore('email:uid', 0, 500, uid, uid);
|
||||
}
|
||||
|
||||
return null;
|
||||
};
|
||||
|
||||
usersAPI.getEmail = async (caller, { uid, email }) => {
|
||||
const [isPrivileged, { showemail }, exists] = await Promise.all([
|
||||
user.isPrivileged(caller.uid),
|
||||
user.getSettings(uid),
|
||||
db.isSortedSetMember('email:uid', email.toLowerCase()),
|
||||
]);
|
||||
const isSelf = caller.uid === parseInt(uid, 10);
|
||||
|
||||
return exists && (isSelf || isPrivileged || showemail);
|
||||
};
|
||||
|
||||
usersAPI.confirmEmail = async (caller, { uid, email, sessionId }) => {
|
||||
const [pending, current, canManage] = await Promise.all([
|
||||
user.email.isValidationPending(uid, email),
|
||||
user.getUserField(uid, 'email'),
|
||||
privileges.admin.can('admin:users', caller.uid),
|
||||
]);
|
||||
|
||||
if (!canManage) {
|
||||
throw new Error('[[error:no-privileges]]');
|
||||
}
|
||||
|
||||
if (pending) { // has active confirmation request
|
||||
const code = await db.get(`confirm:byUid:${uid}`);
|
||||
await user.email.confirmByCode(code, sessionId);
|
||||
return true;
|
||||
} else if (current && current === email) { // i.e. old account w/ unconf. email in user hash
|
||||
await user.email.confirmByUid(uid);
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
};
|
||||
|
||||
async function isPrivilegedOrSelfAndPasswordMatch(caller, data) {
|
||||
const { uid } = caller;
|
||||
const isSelf = parseInt(uid, 10) === parseInt(data.uid, 10);
|
||||
@@ -442,6 +645,37 @@ usersAPI.changePicture = async (caller, data) => {
|
||||
}, ['picture', 'icon:bgColor']);
|
||||
};
|
||||
|
||||
const exportMetadata = new Map([
|
||||
['posts', ['csv', 'text/csv']],
|
||||
['uploads', ['zip', 'application/zip']],
|
||||
['profile', ['json', 'application/json']],
|
||||
]);
|
||||
|
||||
const prepareExport = async ({ uid, type }) => {
|
||||
const [extension] = exportMetadata.get(type);
|
||||
const filename = `${uid}_${type}.${extension}`;
|
||||
try {
|
||||
const stat = await fs.stat(path.join(__dirname, '../../build/export', filename));
|
||||
return stat;
|
||||
} catch (e) {
|
||||
return false;
|
||||
}
|
||||
};
|
||||
|
||||
usersAPI.checkExportByType = async (caller, { uid, type }) => await prepareExport({ uid, type });
|
||||
|
||||
usersAPI.getExportByType = async (caller, { uid, type }) => {
|
||||
const [extension, mime] = exportMetadata.get(type);
|
||||
const filename = `${uid}_${type}.${extension}`;
|
||||
|
||||
const exists = await prepareExport({ uid, type });
|
||||
if (exists) {
|
||||
return { filename, mime };
|
||||
}
|
||||
|
||||
return false;
|
||||
};
|
||||
|
||||
usersAPI.generateExport = async (caller, { uid, type }) => {
|
||||
const count = await db.incrObjectField('locks', `export:${uid}${type}`);
|
||||
if (count > 1) {
|
||||
@@ -458,11 +692,10 @@ usersAPI.generateExport = async (caller, { uid, type }) => {
|
||||
});
|
||||
child.on('exit', async () => {
|
||||
await db.deleteObjectField('locks', `export:${uid}${type}`);
|
||||
const userData = await user.getUserFields(uid, ['username', 'userslug']);
|
||||
const { displayname } = userData;
|
||||
const { displayname } = await user.getUserFields(uid, ['username']);
|
||||
const n = await notifications.create({
|
||||
bodyShort: `[[notifications:${type}-exported, ${displayname}]]`,
|
||||
path: `/api/user/${userData.userslug}/export/${type}`,
|
||||
path: `/api/v3/users/${uid}/exports/${type}`,
|
||||
nid: `${type}:export:${uid}`,
|
||||
from: uid,
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user