From 80ccc6fd581d791f31e7ab62de8de611837bfc3c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Zanghelini?=
Date: Sat, 3 Jun 2017 18:08:15 -0300
Subject: [PATCH] Compose without scripts
---
 src/controllers/helpers.js | 14 +++++++++
 src/controllers/index.js | 58 ++++++++++++++++++++++++++++++++++++++
 src/routes/index.js | 2 ++
 3 files changed, 74 insertions(+)
diff --git a/src/controllers/helpers.js b/src/controllers/helpers.js
index 761faafa82..3057aa5265 100644
--- a/src/controllers/helpers.js
+++ b/src/controllers/helpers.js
@@ -14,6 +14,20 @@ var middleware = require('../middleware');
 var helpers = module.exports;
+helpers.noScriptErrors = function (req, res, error, httpStatus) {
+ var middleware = require('../middleware');
+ var httpStatusString = httpStatus.toString();
+ middleware.buildHeader(req, res, function () {
+ res.status(httpStatus).render(httpStatusString, {
+ path: req.path,
+ loggedIn: true,
+ error: error,
+ returnLink: true,
+ title: '[[global:' + httpStatusString + '.title]]',
+ });
+ });
+};
+
 helpers.notAllowed = function (req, res, error) {
 plugins.fireHook('filter:helpers.notAllowed', {
 req: req,
diff --git a/src/controllers/index.js b/src/controllers/index.js
index 0f15d2f4ab..468f0b9d21 100644
--- a/src/controllers/index.js
+++ b/src/controllers/index.js
@@ -7,6 +7,7 @@ var validator = require('validator');
 var meta = require('../meta');
 var user = require('../user');
 var plugins = require('../plugins');
+var topics = require('../topics');
 var helpers = require('./helpers');
 var Controllers = module.exports;
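Review bot: In `helpers.noScriptErrors` (src/controllers/helpers.js) the error page is rendered with `loggedIn: true` no matter who made the request, so a guest whose POST is rejected gets a page built for a logged-in user; derive the flag from the request instead, e.g. `loggedIn: !!req.uid` (assuming `req.uid` is 0 or unset for guests, which this diff does not show). The function also needs a doc comment stating that `httpStatus` doubles as the template name (`res.render('400', …)`), so callers may only pass statuses that have a matching template, and that `error` must be a translation key or a message that is safe to show to the client. The inner `var middleware = require('../middleware');` shadows the module-level binding visible in the hunk header; if it is there to work around a circular require, say so in a comment, otherwise drop it.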
@@ -279,6 +280,63 @@ Controllers.compose = function (req, res, next) {
 });
 };
+Controllers.composePost = function (req, res, next) {
+ var body = req.body;
+ var data = {
+ uid: req.uid,
+ req: req,
+ timestamp: Date.now(),
+ content: body.content,
+ };
+
+ if (!data.content) {
+ return helpers.noScriptErrors(req, res, '[[error:invalid-data]]', 400);
+ }
+
+ if (body.tid) {
+ data.tid = body.tid;
+
+ async.waterfall([
+ function (next) {
+ topics.reply(data, next);
+ },
+ function (postData, next) {
+ next(null, postData);
+
+ user.updateOnlineUsers(postData.uid);
+
+ res.redirect(nconf.get('relative_path') + '/post/' + postData.pid);
+ },
+ ], function (err) {
+ if (err) {
+ return helpers.noScriptErrors(req, res, err.message, 400);
+ }
+ next(err);
+ });
+ } else if (body.cid) {
+ data.cid = body.cid;
+ data.title = body.title;
+ data.tags = [];
+ data.thumb = '';
+
+ async.waterfall([
+ function (next) {
+ topics.post(data, next);
+ },
+ function (result, next) {
+ next(null, result.topicData);
+
+ res.redirect(nconf.get('relative_path') + '/topic/' + result.topicData.slug);
+ },
+ ], function (err) {
+ if (err) {
+ return helpers.noScriptErrors(req, res, err.message, 400);
+ }
+ next(err);
+ });
+ }
+};
+
 Controllers.confirmEmail = function (req, res) {
 user.email.confirm(req.params.code, function (err) {
 res.render('confirm', {
diff --git a/src/routes/index.js b/src/routes/index.js
index 15339b4e11..75553b52ac 100644
--- a/src/routes/index.js
+++ b/src/routes/index.js
@@ -34,6 +34,8 @@ function mainRoutes(app, middleware, controllers) {
 setupPageRoute(app, '/search', middleware, [], controllers.search.search);
 setupPageRoute(app, '/reset/:code?', middleware, [], controllers.reset);
 setupPageRoute(app, '/tos', middleware, [], controllers.termsOfUse);
+
+ app.post('/compose', middleware.applyCSRF, controllers.composePost);
 }
 function modRoutes(app, middleware, controllers) {
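Review bot: On the success path of both waterfalls in `Controllers.composePost`, the second task calls `next(null, …)` before `res.redirect(…)`, and the final callback then runs the Express `next(err)` with a falsy `err`, so the request is passed on to the next handler while this one also sends a redirect. The final callback should end after the error branch, i.e. keep `if (err) { return helpers.noScriptErrors(req, res, err.message, 400); }` and remove the trailing `next(err);`. A request that has content but neither `tid` nor `cid` matches no branch and never receives a response; close the chain with `} else { return helpers.noScriptErrors(req, res, '[[error:invalid-data]]', 400); }`. `err.message` from `topics.reply`/`topics.post` is rendered back to the client under a fixed 400, so if those calls can surface internal errors the text should be mapped to a known `[[error:…]]` key before it is shown.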
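Review bot: The new `app.post('/compose', middleware.applyCSRF, controllers.composePost);` line in `mainRoutes` puts only the CSRF check in front of the controller, so an unauthenticated request reaches `composePost` and every permission decision is left to `topics.reply`/`topics.post`, which this diff does not show. If guest posting is meant to be governed by those privilege checks, record that next to the route, e.g. `// no login required here: posting privileges are enforced in topics.post/topics.reply`; if not, the route needs a login check ahead of the controller. `mainRoutes` begins outside the hunk, so any middleware applied to the whole group earlier in the function is not visible here.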