Bootstrap5 (#10894)

* chore: up deps

* chore: up composer

* fix(deps): bump 2factor to v7

* chore: up harmony

* chore: up harmony

* fix: missing await

* feat: allow middlewares to pass in template values via res.locals

* feat: buildAccountData middleware automatically added ot all account routes

* fix: properly allow values in res.locals.templateValues to be added to the template data

* refactor: user/blocks

* refactor(accounts): categories and consent

* feat: automatically 404 if exposeUid or exposeGroupName come up empty

* refactor: remove calls to getUserDataByUserSlug for most account routes, since it is populated via middleware now

* fix: allow exposeUid and exposeGroupName to work with slugs with mixed capitalization

* fix: move reputation removal check to accountHelpers method

* test: skip i18n tests if ref branch when present is not develop

* fix(deps): bump theme versions

* fix(deps): bump ntfy and 2factor

* chore: up harmony

* fix: add missing return

* fix: #11191, only focus on search input on md environments and up

* feat: allow file uploads on mobile chat

closes https://github.com/NodeBB/NodeBB/issues/11217

* chore: up themes

* chore: add lang string

* fix(deps): bump ntfy to 1.0.15

* refactor: use new if/each syntax

* chore: up composer

* fix: regression from user helper refactor

* chore: up harmony

* chore: up composer

* chore: up harmony

* chore: up harmony

* chore: up harmony

* chore: fix composer version

* feat: add increment helper

* chore: up harmony

* fix: #11228 no timestamps in future 

* chore: up harmony

* check config.theme as well

fire action:posts.loaded after processing dom

* chore: up harmony

* chore: up harmony

* chore: up harmony

* chore: up themes

* chore: up harmony

* remove extra class

* refactor: move these to core from harmony

* chore: up widgets

* chore: up widgets

* height auto

* fix: closes #11238

* dont focus inputs, annoying on mobile

* fix: dont focus twice, only focus on chat input on desktop

dont wrap widget footer in row

* chore: up harmony

* chore: up harmony

* update chat window

* chore: up themes

* fix cache buster for skins

* chat fixes

* chore: up harmony

* chore: up composer

* refactor: change hook logs to debug

* fix: scroll to post right after adding to dom

* fix: hash scrolling and highlighting correct post

* test: re-enable read API schema tests

* fix: add back schema changes for 179faa2270 and c3920ccb10

* fix: schema changes from 488f0978a4

* fix: schema changes for f4cf482a87

* fix: schema update for be6bbabd0e

* fix: schema changes for 69c96078ea

* fix: schema changes for d1364c3130

* fix: schema changes for 84ff1152f7

* fix: schema changes for b860c2605c

* fix: schema changes for 23cb67a112

* fix: schema changes for b916e42f40

* fix: schema change for a9bbb586fc

* fix: schema changes for 4b738c8cd3

* fix: schema changes for 58b5781cea

* fix: schema changes for 794bf01b21

* fix: schema changes for 80ea12c1c1, e368feef51, and 52ead114be

* fix: composer-default object in config?

* fix: schema changes for 9acdc6808c and 0930934200

* fix: schema changes for c0a52924f1

* fix: schema change for aba420a3f3, move loggedInUser to optional props

* fix: schema changes for 8c67031609

* fix: schema changes for 27e53b42f3

* fix: schema changes for 2835966518

* fix: breaking test for email confirmation API call

* fix: schema changes for refactored search page

* fix: schema changes for user object

* fix: schema changes for 9f531f957e

* fix: schema changes for c4042c70de and 23175110a2

* fix: schema changes for 9b3616b103

* fix: schema changes for 5afd5de07d

* fix: schema change for 1d7baf1217

* fix: schema changes for 57bfb37c55 and be6bbabd0e

* fix: schema changes for 6e86b4afa2 and 3efad2e13b and 68f66223e7

* fix: allowing optional qs prop in pagination keys (not sure why this didn't break before)

* fix: re-login on email change

* fix: schema changes for c926358d73

* fix: schema changes for 388a8270c9

* fix: schema change for 2658bcc821

* fix: no need to call account middlewares for chats routes

* fix: schema changes for 71743affc3

* fix: final schema changes

* test: support for anyOf and oneOf

* fix: check thumb

* dont scroll to top on back press

* remove group log

* fix: add top margin to merged and deleted alerts

* chore: up widgets

* fix: improve fix-lists mixin

* chore: up harmony/composer

* feat: allow hiding quicksearch results during search

* dont record searches made by composer

* chore: up 54

* chore: up spam be gone

* feat: add prev/next page and page count into mobile paginator

* chore: up harmony

* chore: up harmony

* use old style for IS

* fix: hide entire toolbar row if no posts or not singlePost

* fix: updated messaging for post-queue template, #11206

* fix: btn-sm on post queue back button

* fix: bump harmony, closes #11206

* fix: remove unused alert module import

* fix: bump harmony

* fix: bump harmony

* chore: up harmony

* refactor: IS scrolltop

* fix: update users:search-user-for-chat source string

* feat: support for mark-read toggle on chats dropdown and recent chats list

* feat: api v3 calls to mark chat read/unread

* feat: send event:chats.mark socket event on mark read or unread

* refactor: allow frontend to mark chats as unread, use new API v3 routes instead of socket calls, better frontend event handling

* docs: openapi schema updates for chat marking

* fix: allow unread state toggling in chats dropdown too

* fix: issue where repeated openings of the chats dropdown would continually add events for mark-read/unread

* fix: debug log

* refactor: move userSearch filter to a module

* feat(routes): allow remounting /categories (#11230)

* feat: send flags count to frontend on flags list page

* refactor: filter form client-side js to extract out some logic

* fix: applyFilters to not take any arguments, update selectedCids in updateButton instead of onHidden

* fix: use userFilter module for assignee, reporterId, targetUid

* fix(openapi): schema changes for updated flags page

* fix: dont allow adding duplicates to userFilter

* use same var

* remove log

* fix: closes #11282

* feat: lang key for x-topics

* chore: up harmony

* chore: up emoji

* chore: up harmony

* fix: update userFilter to allow new option `selectedBlock`

* fix: wrong block name passed to userFilter

* fix: https://github.com/NodeBB/NodeBB/issues/11283

* fix: chats, allow multiple dropdowns like in harmony

* chore: up harmony

* refactor: flag note adding/editing, closes #11285

* fix: remove old prepareEdit logic

* chore: add caveat about hacky code block in userFilter module

* fix: placeholders for userFilter module

* refactor: navigator so it works with multiple thumbs/navigators

* chore: up harmony

* fix: closes #11287, destroy quick reply autocomplete

on navigation

* fix: filter disabled categories on user categories page count

* chore: up harmony

* docs: update openapi spec to include info about passing in timestamps for topic creation, removing timestamp as valid request param for topic replying

* fix: send back null values on ACP search dashboard for startDate and endDate if not expicitly passed in, fix tests

* fix: tweak table order in ACP dash searches

* fix: only invoke navigator click drag on left mouse button

* feat: add back unread indicator to navigator

* clear bookmark on mark unread

* fix: navigator crash on ajaxify

* better thumb top calculation

* fix: reset user bookmark when topic is marked unread

* Revert "fix: reset user bookmark when topic is marked unread"

This reverts commit 9bcd85c2c6.

* fix: update unread indicator on scroll, add unread count

* chore: bump harmony

* fix: crash on navigator unread update when backing out of a topic

* fix: closes #11183

* fix: update topics:recent zset when rescheduling a topic

* fix: dupe quote button, increase delay, hide immediately on empty selection

* fix: navigator not showing up on first load

* refactor: remove glance

assorted fixes to navigator
dont reduce remaning count if user scrolls down and up quickly
only call topic.navigatorCallback when index changes

* more sanity checks for bookmark

dont allow setting bookmark higher than topic postcount

* closes #11218, 🚋

* Revert "fix: update topics:recent zset when rescheduling a topic"

This reverts commit 737973cca9.

* fix: #11306, show proper error if queued post doesn't exist

was showing no-privileges if someone else accepted the post

* https://github.com/NodeBB/NodeBB/issues/11307

dont use li

* chore: up harmony

* chore: bump version string

* fix: copy paste fail

* feat: closes #7382, tag filtering

add client side support for filtering by tags on /category, /recent and /unread

* chore: up harmony

* chore: up harmony

* Revert "fix: add back req.query fallback for backwards compatibility" [breaking]

This reverts commit cf6cc2c454.
This commit is no longer required as passing in a CSRF token via query parameter is no longer supported as of NodeBB v3.x

This is a breaking change.

* fix: pass csrf token in form data, re: NodeBB/NodeBB#11309

* chore: up deps

* fix: tests, use x-csrf-token query param removed

* test: fix csrf_token

* lint: remove unused

* feat: add itemprop="image" to avatar helper

* fix: get chat upload button in chat modal

* breaking: remove deprecated socket.io methods

* test: update messaging tests to not use sockets

* fix: parent post links

* fix: prevent post tooltip if mouse leaves before data/tpl is loaded

* chore: up harmony

* chore: up harmony

* chore: up harmony

* chore: up harmony

* fix: nested replies indices

* fix(deps): bump 2factor

* feat: add loggedIn user to all api routes

* chore: up themes

* refactor: audit admin v3 write api routes as per #11321

* refactor: audit category v3 write api routes as per #11321 [breaking]

docs: fix open api spec for #11321

* refactor: audit chat v3 write api routes as per #11321

* refactor: audit files v3 write api routes as per #11321

* refactor: audit flags v3 write api routes as per #11321

* refactor: audit posts v3 write api routes as per #11321

* refactor: audit topics v3 write api routes as per #11321

* refactor: audit users v3 write api routes as per #11321

* fix: lang string

* remove min height

* fix: empty topic/labels taking up space

* fix: tag filtering when changing filter to watched topics

or changing popular time limit to month

* chore: up harmony

* fix: closes #11354, show no post error if queued post already accepted/rejected

* test: #11354

* test: #11354

* fix(deps): bump 2factor

* fix: #11357 clear cache on thumb remove

* fix: thumb remove on windows, closes #11357

* test: openapi for thumbs

* test: fix openapi

---------

Co-authored-by: Julian Lam <julian@nodebb.org>
Co-authored-by: Opliko <opliko.reg@protonmail.com>
This commit is contained in:
Barış Soner Uşaklı
2023-03-17 11:58:31 -04:00
committed by GitHub
parent 1e7f32b1c4
commit 7ba70d1561
564 changed files with 19068 additions and 36796 deletions

View File

@@ -1,42 +1,30 @@
'use strict';
const meta = require('../../meta');
const privileges = require('../../privileges');
const analytics = require('../../analytics');
const api = require('../../api');
const helpers = require('../helpers');
const Admin = module.exports;
Admin.updateSetting = async (req, res) => {
const ok = await privileges.admin.can('admin:settings', req.uid);
await api.admin.updateSetting(req, {
setting: req.params.setting,
value: req.body.value,
});
if (!ok) {
return helpers.formatApiResponse(403, res);
}
await meta.configs.set(req.params.setting, req.body.value);
helpers.formatApiResponse(200, res);
};
Admin.getAnalyticsKeys = async (req, res) => {
let keys = await analytics.getKeys();
// Sort keys alphabetically
keys = keys.sort((a, b) => (a < b ? -1 : 1));
helpers.formatApiResponse(200, res, { keys });
helpers.formatApiResponse(200, res, {
keys: await api.admin.getAnalyticsKeys(),
});
};
Admin.getAnalyticsData = async (req, res) => {
// Default returns views from past 24 hours, by hour
if (!req.query.amount) {
if (req.query.units === 'days') {
req.query.amount = 30;
} else {
req.query.amount = 24;
}
}
const getStats = req.query.units === 'days' ? analytics.getDailyStatsForSet : analytics.getHourlyStatsForSet;
helpers.formatApiResponse(200, res, await getStats(`analytics:${req.params.set}`, parseInt(req.query.until, 10) || Date.now(), req.query.amount));
helpers.formatApiResponse(200, res, await api.admin.getAnalyticsData(req, {
set: req.params.set,
until: parseInt(req.query.until, 10) || Date.now(),
amount: req.query.amount,
units: req.query.units,
}));
};

View File

@@ -1,6 +1,5 @@
'use strict';
const privileges = require('../../privileges');
const categories = require('../../categories');
const api = require('../../api');
@@ -8,75 +7,56 @@ const helpers = require('../helpers');
const Categories = module.exports;
const hasAdminPrivilege = async (uid) => {
const ok = await privileges.admin.can(`admin:categories`, uid);
if (!ok) {
throw new Error('[[error:no-privileges]]');
}
};
Categories.get = async (req, res) => {
helpers.formatApiResponse(200, res, await api.categories.get(req, req.params));
};
Categories.create = async (req, res) => {
await hasAdminPrivilege(req.uid);
const response = await api.categories.create(req, req.body);
helpers.formatApiResponse(200, res, response);
};
Categories.update = async (req, res) => {
await hasAdminPrivilege(req.uid);
await api.categories.update(req, {
cid: req.params.cid,
values: req.body,
});
const payload = {};
payload[req.params.cid] = req.body;
await api.categories.update(req, payload);
const categoryObjs = await categories.getCategories([req.params.cid]);
helpers.formatApiResponse(200, res, categoryObjs[0]);
};
Categories.delete = async (req, res) => {
await hasAdminPrivilege(req.uid);
await api.categories.delete(req, { cid: req.params.cid });
helpers.formatApiResponse(200, res);
};
Categories.getPrivileges = async (req, res) => {
if (!await privileges.admin.can('admin:privileges', req.uid)) {
throw new Error('[[error:no-privileges]]');
}
const privilegeSet = await api.categories.getPrivileges(req, req.params.cid);
const privilegeSet = await api.categories.getPrivileges(req, { cid: req.params.cid });
helpers.formatApiResponse(200, res, privilegeSet);
};
Categories.setPrivilege = async (req, res) => {
if (!await privileges.admin.can('admin:privileges', req.uid)) {
throw new Error('[[error:no-privileges]]');
}
const { cid, privilege } = req.params;
await api.categories.setPrivilege(req, {
...req.params,
cid,
privilege,
member: req.body.member,
set: req.method === 'PUT',
});
const privilegeSet = await api.categories.getPrivileges(req, req.params.cid);
const privilegeSet = await api.categories.getPrivileges(req, { cid: req.params.cid });
helpers.formatApiResponse(200, res, privilegeSet);
};
Categories.setModerator = async (req, res) => {
if (!await privileges.admin.can('admin:admins-mods', req.uid)) {
throw new Error('[[error:no-privileges]]');
}
const privilegeList = await privileges.categories.getUserPrivilegeList();
await api.categories.setPrivilege(req, {
await api.categories.setModerator(req, {
cid: req.params.cid,
privilege: privilegeList,
member: req.params.uid,
set: req.method === 'PUT',
});
helpers.formatApiResponse(200, res);
const privilegeSet = await api.categories.getPrivileges(req, { cid: req.params.cid });
helpers.formatApiResponse(200, res, privilegeSet);
};

View File

@@ -1,8 +1,6 @@
'use strict';
const api = require('../../api');
const messaging = require('../../messaging');
const helpers = require('../helpers');
const Chats = module.exports;
@@ -10,9 +8,7 @@ const Chats = module.exports;
Chats.list = async (req, res) => {
const page = (isFinite(req.query.page) && parseInt(req.query.page, 10)) || 1;
const perPage = (isFinite(req.query.perPage) && parseInt(req.query.perPage, 10)) || 20;
const start = Math.max(0, page - 1) * perPage;
const stop = start + perPage;
const { rooms } = await messaging.getRecentChats(req.uid, req.uid, start, stop);
const { rooms } = await api.chats.list(req, { page, perPage });
helpers.formatApiResponse(200, res, { rooms });
};
@@ -23,21 +19,20 @@ Chats.create = async (req, res) => {
};
Chats.exists = async (req, res) => {
// yes, this is fine. Room existence is checked via middleware :)
helpers.formatApiResponse(200, res);
};
Chats.get = async (req, res) => {
const roomObj = await messaging.loadRoom(req.uid, {
helpers.formatApiResponse(200, res, await api.chats.get(req, {
uid: req.query.uid || req.uid,
roomId: req.params.roomId,
});
helpers.formatApiResponse(200, res, roomObj);
}));
};
Chats.post = async (req, res) => {
const messageObj = await api.chats.post(req, {
...req.body,
message: req.body.message,
roomId: req.params.roomId,
});
@@ -46,23 +41,34 @@ Chats.post = async (req, res) => {
Chats.rename = async (req, res) => {
const roomObj = await api.chats.rename(req, {
...req.body,
name: req.body.name,
roomId: req.params.roomId,
});
helpers.formatApiResponse(200, res, roomObj);
};
Chats.users = async (req, res) => {
const users = await api.chats.users(req, {
...req.params,
Chats.mark = async (req, res) => {
const state = req.method === 'PUT' ? 1 : 0;
const roomObj = await api.chats.mark(req, {
roomId: req.params.roomId,
state,
});
helpers.formatApiResponse(200, res, roomObj);
};
Chats.users = async (req, res) => {
const { roomId } = req.params;
const users = await api.chats.users(req, { roomId });
helpers.formatApiResponse(200, res, users);
};
Chats.invite = async (req, res) => {
const { uids } = req.body;
const users = await api.chats.invite(req, {
...req.body,
uids,
roomId: req.params.roomId,
});
@@ -70,8 +76,9 @@ Chats.invite = async (req, res) => {
};
Chats.kick = async (req, res) => {
const { uids } = req.body;
const users = await api.chats.kick(req, {
...req.body,
uids,
roomId: req.params.roomId,
});
@@ -79,9 +86,9 @@ Chats.kick = async (req, res) => {
};
Chats.kickUser = async (req, res) => {
req.body.uids = [req.params.uid];
const uids = [req.params.uid];
const users = await api.chats.kick(req, {
...req.body,
uids,
roomId: req.params.roomId,
});
@@ -90,40 +97,38 @@ Chats.kickUser = async (req, res) => {
Chats.messages = {};
Chats.messages.list = async (req, res) => {
const messages = await messaging.getMessages({
callerUid: req.uid,
uid: req.query.uid || req.uid,
roomId: req.params.roomId,
start: parseInt(req.query.start, 10) || 0,
count: 50,
});
const uid = req.query.uid || req.uid;
const { roomId } = req.params;
const start = parseInt(req.query.start, 10) || 0;
const { messages } = await api.chats.listMessages(req, { uid, roomId, start });
helpers.formatApiResponse(200, res, { messages });
};
Chats.messages.get = async (req, res) => {
const messages = await messaging.getMessagesData([req.params.mid], req.uid, req.params.roomId, false);
helpers.formatApiResponse(200, res, messages.pop());
const { mid, roomId } = req.params;
helpers.formatApiResponse(200, res, await api.chats.getMessage(req, { mid, roomId }));
};
Chats.messages.edit = async (req, res) => {
await messaging.canEdit(req.params.mid, req.uid);
await messaging.editMessage(req.uid, req.params.mid, req.params.roomId, req.body.message);
const { mid, roomId } = req.params;
const { message } = req.body;
await api.chats.editMessage(req, { mid, roomId, message });
const messages = await messaging.getMessagesData([req.params.mid], req.uid, req.params.roomId, false);
helpers.formatApiResponse(200, res, messages.pop());
helpers.formatApiResponse(200, res, await api.chats.getMessage(req, { mid, roomId }));
};
Chats.messages.delete = async (req, res) => {
await messaging.canDelete(req.params.mid, req.uid);
await messaging.deleteMessage(req.params.mid, req.uid);
const { mid } = req.params;
await api.chats.deleteMessage(req, { mid });
helpers.formatApiResponse(200, res);
};
Chats.messages.restore = async (req, res) => {
await messaging.canDelete(req.params.mid, req.uid);
await messaging.restoreMessage(req.params.mid, req.uid);
const { mid } = req.params;
await api.chats.restoreMessage(req, { mid });
helpers.formatApiResponse(200, res);
};

View File

@@ -1,16 +1,16 @@
'use strict';
const fs = require('fs').promises;
const helpers = require('../helpers');
const api = require('../../api');
const Files = module.exports;
Files.delete = async (req, res) => {
await fs.unlink(res.locals.cleanedPath);
await api.files.delete(req, { path: res.locals.cleanedPath });
helpers.formatApiResponse(200, res);
};
Files.createFolder = async (req, res) => {
await fs.mkdir(res.locals.folderPath);
await api.files.createFolder(req, { path: res.locals.folderPath });
helpers.formatApiResponse(200, res);
};

View File

@@ -1,53 +1,48 @@
'use strict';
const user = require('../../user');
const flags = require('../../flags');
const api = require('../../api');
const helpers = require('../helpers');
const Flags = module.exports;
Flags.create = async (req, res) => {
const flagObj = await api.flags.create(req, { ...req.body });
const { type, id, reason } = req.body;
const flagObj = await api.flags.create(req, { type, id, reason });
helpers.formatApiResponse(200, res, await user.isPrivileged(req.uid) ? flagObj : undefined);
};
Flags.get = async (req, res) => {
const isPrivileged = await user.isPrivileged(req.uid);
if (!isPrivileged) {
return helpers.formatApiResponse(403, res);
}
helpers.formatApiResponse(200, res, await flags.get(req.params.flagId));
helpers.formatApiResponse(200, res, await api.flags.get(req, req.params.flagId));
};
Flags.update = async (req, res) => {
const { state, assignee } = req.body;
const history = await api.flags.update(req, {
flagId: req.params.flagId,
...req.body,
state,
assignee,
});
helpers.formatApiResponse(200, res, { history });
};
Flags.delete = async (req, res) => {
await flags.purge([req.params.flagId]);
await api.flags.delete(req, { flagId: req.params.flagId });
helpers.formatApiResponse(200, res);
};
Flags.appendNote = async (req, res) => {
const { note, datetime } = req.body;
const payload = await api.flags.appendNote(req, {
flagId: req.params.flagId,
...req.body,
note,
datetime,
});
helpers.formatApiResponse(200, res, payload);
};
Flags.deleteNote = async (req, res) => {
const payload = await api.flags.deleteNote(req, {
...req.params,
});
helpers.formatApiResponse(200, res, payload);
helpers.formatApiResponse(200, res, await api.flags.deleteNote(req, req.params));
};

View File

@@ -1,11 +1,8 @@
'use strict';
const posts = require('../../posts');
const privileges = require('../../privileges');
const api = require('../../api');
const helpers = require('../helpers');
const apiHelpers = require('../../api/helpers');
const Posts = module.exports;
@@ -18,7 +15,6 @@ Posts.edit = async (req, res) => {
...req.body,
pid: req.params.pid,
uid: req.uid,
req: apiHelpers.buildReqObject(req),
});
helpers.formatApiResponse(200, res, editResult);
@@ -96,21 +92,7 @@ Posts.restoreDiff = async (req, res) => {
};
Posts.deleteDiff = async (req, res) => {
if (!parseInt(req.params.pid, 10)) {
throw new Error('[[error:invalid-data]]');
}
const cid = await posts.getCidByPid(req.params.pid);
const [isAdmin, isModerator] = await Promise.all([
privileges.users.isAdministrator(req.uid),
privileges.users.isModerator(req.uid, cid),
]);
if (!(isAdmin || isModerator)) {
return helpers.formatApiResponse(403, res, new Error('[[error:no-privileges]]'));
}
await posts.diffs.delete(req.params.pid, req.params.timestamp, req.uid);
await api.posts.deleteDiff(req, { ...req.params });
helpers.formatApiResponse(200, res, await api.posts.getDiffs(req, { ...req.params }));
};

View File

@@ -1,11 +1,8 @@
'use strict';
const validator = require('validator');
const db = require('../../database');
const api = require('../../api');
const topics = require('../../topics');
const privileges = require('../../privileges');
const helpers = require('../helpers');
const middleware = require('../../middleware');
@@ -67,11 +64,8 @@ Topics.purge = async (req, res) => {
};
Topics.pin = async (req, res) => {
// Pin expiry was not available w/ sockets hence not included in api lib method
if (req.body.expiry) {
await topics.tools.setPinExpiry(req.params.tid, req.body.expiry, req.uid);
}
await api.topics.pin(req, { tids: [req.params.tid] });
const { expiry } = req.body;
await api.topics.pin(req, { tids: [req.params.tid], expiry });
helpers.formatApiResponse(200, res);
};
@@ -107,45 +101,26 @@ Topics.unfollow = async (req, res) => {
};
Topics.addTags = async (req, res) => {
if (!await privileges.topics.canEdit(req.params.tid, req.user.uid)) {
return helpers.formatApiResponse(403, res);
}
const cid = await topics.getTopicField(req.params.tid, 'cid');
await topics.validateTags(req.body.tags, cid, req.user.uid, req.params.tid);
const tags = await topics.filterTags(req.body.tags);
await api.topics.addTags(req, {
tid: req.params.tid,
tags: req.body.tags,
});
await topics.addTags(tags, [req.params.tid]);
helpers.formatApiResponse(200, res);
};
Topics.deleteTags = async (req, res) => {
if (!await privileges.topics.canEdit(req.params.tid, req.user.uid)) {
return helpers.formatApiResponse(403, res);
}
await topics.deleteTopicTags(req.params.tid);
await api.topics.deleteTags(req, { tid: req.params.tid });
helpers.formatApiResponse(200, res);
};
Topics.getThumbs = async (req, res) => {
if (isFinite(req.params.tid)) { // post_uuids can be passed in occasionally, in that case no checks are necessary
const [exists, canRead] = await Promise.all([
topics.exists(req.params.tid),
privileges.topics.can('topics:read', req.params.tid, req.uid),
]);
if (!exists || !canRead) {
return helpers.formatApiResponse(403, res);
}
}
helpers.formatApiResponse(200, res, await topics.thumbs.get(req.params.tid));
helpers.formatApiResponse(200, res, await api.topics.getThumbs(req, { ...req.params }));
};
Topics.addThumb = async (req, res) => {
await checkThumbPrivileges({ tid: req.params.tid, uid: req.user.uid, res });
if (res.headersSent) {
return;
}
// todo: move controller logic to src/api/topics.js
await api.topics._checkThumbPrivileges({ tid: req.params.tid, uid: req.user.uid });
const files = await uploadsController.uploadThumb(req, res); // response is handled here
@@ -161,16 +136,12 @@ Topics.addThumb = async (req, res) => {
};
Topics.migrateThumbs = async (req, res) => {
await Promise.all([
checkThumbPrivileges({ tid: req.params.tid, uid: req.user.uid, res }),
checkThumbPrivileges({ tid: req.body.tid, uid: req.user.uid, res }),
]);
if (res.headersSent) {
return;
}
await api.topics.migrateThumbs(req, {
from: req.params.tid,
to: req.body.tid,
});
await topics.thumbs.migrate(req.params.tid, req.body.tid);
helpers.formatApiResponse(200, res);
helpers.formatApiResponse(200, res, await api.topics.getThumbs(req, { tid: req.body.tid }));
};
Topics.deleteThumb = async (req, res) => {
@@ -181,62 +152,32 @@ Topics.deleteThumb = async (req, res) => {
}
}
await checkThumbPrivileges({ tid: req.params.tid, uid: req.user.uid, res });
if (res.headersSent) {
return;
}
await topics.thumbs.delete(req.params.tid, req.body.path);
await api.topics.deleteThumb(req, {
tid: req.params.tid,
path: req.body.path,
});
helpers.formatApiResponse(200, res, await topics.thumbs.get(req.params.tid));
};
Topics.reorderThumbs = async (req, res) => {
await checkThumbPrivileges({ tid: req.params.tid, uid: req.user.uid, res });
if (res.headersSent) {
return;
}
const exists = await topics.thumbs.exists(req.params.tid, req.body.path);
if (!exists) {
return helpers.formatApiResponse(404, res);
}
await topics.thumbs.associate({
id: req.params.tid,
path: req.body.path,
score: req.body.order,
const { path, order } = req.body;
await api.topics.reorderThumbs(req, {
path,
order,
...req.params,
});
helpers.formatApiResponse(200, res);
helpers.formatApiResponse(200, res, await topics.thumbs.get(req.params.tid));
};
async function checkThumbPrivileges({ tid, uid, res }) {
// req.params.tid could be either a tid (pushing a new thumb to an existing topic)
// or a post UUID (a new topic being composed)
const isUUID = validator.isUUID(tid);
// Sanity-check the tid if it's strictly not a uuid
if (!isUUID && (isNaN(parseInt(tid, 10)) || !await topics.exists(tid))) {
return helpers.formatApiResponse(404, res, new Error('[[error:no-topic]]'));
}
// While drafts are not protected, tids are
if (!isUUID && !await privileges.topics.canEdit(tid, uid)) {
return helpers.formatApiResponse(403, res, new Error('[[error:no-privileges]]'));
}
}
Topics.getEvents = async (req, res) => {
if (!await privileges.topics.can('topics:read', req.params.tid, req.uid)) {
return helpers.formatApiResponse(403, res);
}
const events = await api.topics.getEvents(req, { ...req.params });
helpers.formatApiResponse(200, res, await topics.events.get(req.params.tid, req.uid));
helpers.formatApiResponse(200, res, { events });
};
Topics.deleteEvent = async (req, res) => {
if (!await privileges.topics.isAdminOrMod(req.params.tid, req.uid)) {
return helpers.formatApiResponse(403, res);
}
await topics.events.purge(req.params.tid, [req.params.eventId]);
await api.topics.deleteEvent(req, { ...req.params });
helpers.formatApiResponse(200, res);
};

View File

@@ -1,36 +1,16 @@
'use strict';
const util = require('util');
const nconf = require('nconf');
const path = require('path');
const crypto = require('crypto');
const fs = require('fs').promises;
const db = require('../../database');
const api = require('../../api');
const groups = require('../../groups');
const meta = require('../../meta');
const privileges = require('../../privileges');
const user = require('../../user');
const utils = require('../../utils');
const helpers = require('../helpers');
const Users = module.exports;
const exportMetadata = new Map([
['posts', ['csv', 'text/csv']],
['uploads', ['zip', 'application/zip']],
['profile', ['json', 'application/json']],
]);
const hasAdminPrivilege = async (uid, privilege) => {
const ok = await privileges.admin.can(`admin:${privilege}`, uid);
if (!ok) {
throw new Error('[[error:no-privileges]]');
}
};
Users.redirectBySlug = async (req, res) => {
const uid = await user.getUidByUserslug(req.params.userslug);
@@ -44,7 +24,6 @@ Users.redirectBySlug = async (req, res) => {
};
Users.create = async (req, res) => {
await hasAdminPrivilege(req.uid, 'users');
const userObj = await api.users.create(req, req.body);
helpers.formatApiResponse(200, res, userObj);
};
@@ -54,9 +33,7 @@ Users.exists = async (req, res) => {
};
Users.get = async (req, res) => {
const userData = await user.getUserData(req.params.uid);
const publicUserData = await user.hidePrivateData(userData, req.uid);
helpers.formatApiResponse(200, res, publicUserData);
helpers.formatApiResponse(200, res, await api.users.get(req, { ...req.params }));
};
Users.update = async (req, res) => {
@@ -80,7 +57,6 @@ Users.deleteAccount = async (req, res) => {
};
Users.deleteMany = async (req, res) => {
await hasAdminPrivilege(req.uid, 'users');
await api.users.deleteMany(req, req.body);
helpers.formatApiResponse(200, res);
};
@@ -131,155 +107,50 @@ Users.unmute = async (req, res) => {
};
Users.generateToken = async (req, res) => {
await hasAdminPrivilege(req.uid, 'settings');
if (parseInt(req.params.uid, 10) !== parseInt(req.user.uid, 10)) {
return helpers.formatApiResponse(401, res);
}
const settings = await meta.settings.get('core.api');
settings.tokens = settings.tokens || [];
const newToken = {
token: utils.generateUUID(),
uid: req.user.uid,
description: req.body.description || '',
timestamp: Date.now(),
};
settings.tokens.push(newToken);
await meta.settings.set('core.api', settings);
helpers.formatApiResponse(200, res, newToken);
const { description } = req.body;
const token = await api.users.generateToken(req, { description, ...req.params });
helpers.formatApiResponse(200, res, token);
};
Users.deleteToken = async (req, res) => {
await hasAdminPrivilege(req.uid, 'settings');
if (parseInt(req.params.uid, 10) !== parseInt(req.user.uid, 10)) {
return helpers.formatApiResponse(401, res);
}
const settings = await meta.settings.get('core.api');
const beforeLen = settings.tokens.length;
settings.tokens = settings.tokens.filter(tokenObj => tokenObj.token !== req.params.token);
if (beforeLen !== settings.tokens.length) {
await meta.settings.set('core.api', settings);
helpers.formatApiResponse(200, res);
} else {
helpers.formatApiResponse(404, res);
}
const ok = await api.users.deleteToken(req, { ...req.params });
helpers.formatApiResponse(ok ? 200 : 404, res);
};
const getSessionAsync = util.promisify((sid, callback) => {
db.sessionStore.get(sid, (err, sessionObj) => callback(err, sessionObj || null));
});
Users.revokeSession = async (req, res) => {
// Only admins or global mods (besides the user themselves) can revoke sessions
if (parseInt(req.params.uid, 10) !== req.uid && !await user.isAdminOrGlobalMod(req.uid)) {
return helpers.formatApiResponse(404, res);
}
const sids = await db.getSortedSetRange(`uid:${req.params.uid}:sessions`, 0, -1);
let _id;
for (const sid of sids) {
/* eslint-disable no-await-in-loop */
const sessionObj = await getSessionAsync(sid);
if (sessionObj && sessionObj.meta && sessionObj.meta.uuid === req.params.uuid) {
_id = sid;
break;
}
}
if (!_id) {
throw new Error('[[error:no-session-found]]');
}
await user.auth.revokeSession(_id, req.params.uid);
await api.users.revokeSession(req, { ...req.params });
helpers.formatApiResponse(200, res);
};
Users.invite = async (req, res) => {
const { emails, groupsToJoin = [] } = req.body;
if (!emails || !Array.isArray(groupsToJoin)) {
return helpers.formatApiResponse(400, res, new Error('[[error:invalid-data]]'));
}
// For simplicity, this API route is restricted to self-use only. This can change if needed.
if (parseInt(req.user.uid, 10) !== parseInt(req.params.uid, 10)) {
return helpers.formatApiResponse(403, res, new Error('[[error:no-privileges]]'));
}
const canInvite = await privileges.users.hasInvitePrivilege(req.uid);
if (!canInvite) {
return helpers.formatApiResponse(403, res, new Error('[[error:no-privileges]]'));
}
const { registrationType } = meta.config;
const isAdmin = await user.isAdministrator(req.uid);
if (registrationType === 'admin-invite-only' && !isAdmin) {
return helpers.formatApiResponse(403, res, new Error('[[error:no-privileges]]'));
}
const inviteGroups = (await groups.getUserInviteGroups(req.uid)).map(group => group.name);
const cannotInvite = groupsToJoin.some(group => !inviteGroups.includes(group));
if (groupsToJoin.length > 0 && cannotInvite) {
return helpers.formatApiResponse(403, res, new Error('[[error:no-privileges]]'));
}
const max = meta.config.maximumInvites;
const emailsArr = emails.split(',').map(email => email.trim()).filter(Boolean);
for (const email of emailsArr) {
/* eslint-disable no-await-in-loop */
let invites = 0;
if (max) {
invites = await user.getInvitesNumber(req.uid);
}
if (!isAdmin && max && invites >= max) {
return helpers.formatApiResponse(403, res, new Error(`[[error:invite-maximum-met, ${invites}, ${max}]]`));
try {
await api.users.invite(req, { emails, groupsToJoin, ...req.params });
helpers.formatApiResponse(200, res);
} catch (e) {
if (e.message.startsWith('[[error:invite-maximum-met')) {
return helpers.formatApiResponse(403, res, e);
}
await user.sendInvitationEmail(req.uid, email, groupsToJoin);
throw e;
}
return helpers.formatApiResponse(200, res);
};
Users.getInviteGroups = async function (req, res) {
if (parseInt(req.params.uid, 10) !== parseInt(req.user.uid, 10)) {
return helpers.formatApiResponse(401, res);
}
const userInviteGroups = await groups.getUserInviteGroups(req.params.uid);
return helpers.formatApiResponse(200, res, userInviteGroups.map(group => group.displayName));
return helpers.formatApiResponse(200, res, await api.users.getInviteGroups(req, { ...req.params }));
};
Users.addEmail = async (req, res) => {
const canManageUsers = await privileges.admin.can('admin:users', req.uid);
const skipConfirmation = canManageUsers && req.body.skipConfirmation;
const { email, skipConfirmation } = req.body;
const emails = await api.users.addEmail(req, { email, skipConfirmation, ...req.params });
if (skipConfirmation) {
await user.setUserField(req.params.uid, 'email', req.body.email);
await user.email.confirmByUid(req.params.uid);
} else {
await api.users.update(req, {
uid: req.params.uid,
email: req.body.email,
});
}
const emails = await db.getSortedSetRangeByScore('email:uid', 0, 500, req.params.uid, req.params.uid);
helpers.formatApiResponse(200, res, { emails });
};
Users.listEmails = async (req, res) => {
const [isPrivileged, { showemail }] = await Promise.all([
user.isPrivileged(req.uid),
user.getSettings(req.params.uid),
]);
const isSelf = req.uid === parseInt(req.params.uid, 10);
if (isSelf || isPrivileged || showemail) {
const emails = await db.getSortedSetRangeByScore('email:uid', 0, 500, req.params.uid, req.params.uid);
const emails = await api.users.listEmails(req, { ...req.params });
if (emails) {
helpers.formatApiResponse(200, res, { emails });
} else {
helpers.formatApiResponse(204, res);
@@ -287,79 +158,38 @@ Users.listEmails = async (req, res) => {
};
Users.getEmail = async (req, res) => {
const [isPrivileged, { showemail }, exists] = await Promise.all([
user.isPrivileged(req.uid),
user.getSettings(req.params.uid),
db.isSortedSetMember('email:uid', req.params.email.toLowerCase()),
]);
const isSelf = req.uid === parseInt(req.params.uid, 10);
if (exists && (isSelf || isPrivileged || showemail)) {
helpers.formatApiResponse(204, res);
} else {
helpers.formatApiResponse(404, res);
}
const ok = await api.users.getEmail(req, { ...req.params });
helpers.formatApiResponse(ok ? 204 : 404, res);
};
Users.confirmEmail = async (req, res) => {
const [pending, current, canManage] = await Promise.all([
user.email.isValidationPending(req.params.uid, req.params.email),
user.getUserField(req.params.uid, 'email'),
privileges.admin.can('admin:users', req.uid),
]);
if (!canManage) {
return helpers.notAllowed(req, res);
}
if (pending) { // has active confirmation request
const code = await db.get(`confirm:byUid:${req.params.uid}`);
await user.email.confirmByCode(code, req.session.id);
helpers.formatApiResponse(200, res);
} else if (current && current === req.params.email) { // email in user hash (i.e. email passed into user.create)
await user.email.confirmByUid(req.params.uid);
helpers.formatApiResponse(200, res);
} else {
helpers.formatApiResponse(404, res);
}
};
const prepareExport = async (req, res) => {
const [extension] = exportMetadata.get(req.params.type);
const filename = `${req.params.uid}_${req.params.type}.${extension}`;
try {
const stat = await fs.stat(path.join(__dirname, '../../../build/export', filename));
const modified = new Date(stat.mtimeMs);
res.set('Last-Modified', modified.toUTCString());
res.set('ETag', `"${crypto.createHash('md5').update(String(stat.mtimeMs)).digest('hex')}"`);
res.status(204);
return true;
} catch (e) {
res.status(404);
return false;
}
const ok = await api.users.confirmEmail(req, {
sessionId: req.session.id,
...req.params,
});
helpers.formatApiResponse(ok ? 200 : 404, res);
};
Users.checkExportByType = async (req, res) => {
await prepareExport(req, res);
res.end();
const stat = await api.users.checkExportByType(req, { ...req.params });
const modified = new Date(stat.mtimeMs);
res.set('Last-Modified', modified.toUTCString());
res.set('ETag', `"${crypto.createHash('md5').update(String(stat.mtimeMs)).digest('hex')}"`);
res.sendStatus(204);
};
Users.getExportByType = async (req, res) => {
const [extension, mime] = exportMetadata.get(req.params.type);
const filename = `${req.params.uid}_${req.params.type}.${extension}`;
const exists = await prepareExport(req, res);
if (!exists) {
return res.end();
Users.getExportByType = async (req, res, next) => {
const data = await api.users.getExportByType(req, ({ ...req.params }));
if (!data) {
return next();
}
res.status(200);
res.sendFile(filename, {
res.sendFile(data.filename, {
root: path.join(__dirname, '../../../build/export'),
headers: {
'Content-Type': mime,
'Content-Disposition': `attachment; filename=${filename}`,
'Content-Type': data.mime,
'Content-Disposition': `attachment; filename=${data.filename}`,
},
}, (err) => {
if (err) {