Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-02-13 01:57:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
2614b95c40f2eba2e7147de65956947c9abb3db1
NodeBB/src/api/posts.js
Barış Soner Uşaklı 7ba70d1561 Bootstrap5 (#10894) 
* chore: up deps

* chore: up composer

* fix(deps): bump 2factor to v7

* chore: up harmony

* chore: up harmony

* fix: missing await

* feat: allow middlewares to pass in template values via res.locals

* feat: buildAccountData middleware automatically added ot all account routes

* fix: properly allow values in res.locals.templateValues to be added to the template data

* refactor: user/blocks

* refactor(accounts): categories and consent

* feat: automatically 404 if exposeUid or exposeGroupName come up empty

* refactor: remove calls to getUserDataByUserSlug for most account routes, since it is populated via middleware now

* fix: allow exposeUid and exposeGroupName to work with slugs with mixed capitalization

* fix: move reputation removal check to accountHelpers method

* test: skip i18n tests if ref branch when present is not develop

* fix(deps): bump theme versions

* fix(deps): bump ntfy and 2factor

* chore: up harmony

* fix: add missing return

* fix: #11191, only focus on search input on md environments and up

* feat: allow file uploads on mobile chat

closes https://github.com/NodeBB/NodeBB/issues/11217

* chore: up themes

* chore: add lang string

* fix(deps): bump ntfy to 1.0.15

* refactor: use new if/each syntax

* chore: up composer

* fix: regression from user helper refactor

* chore: up harmony

* chore: up composer

* chore: up harmony

* chore: up harmony

* chore: up harmony

* chore: fix composer version

* feat: add increment helper

* chore: up harmony

* fix: #11228 no timestamps in future 

* chore: up harmony

* check config.theme as well

fire action:posts.loaded after processing dom

* chore: up harmony

* chore: up harmony

* chore: up harmony

* chore: up themes

* chore: up harmony

* remove extra class

* refactor: move these to core from harmony

* chore: up widgets

* chore: up widgets

* height auto

* fix: closes #11238

* dont focus inputs, annoying on mobile

* fix: dont focus twice, only focus on chat input on desktop

dont wrap widget footer in row

* chore: up harmony

* chore: up harmony

* update chat window

* chore: up themes

* fix cache buster for skins

* chat fixes

* chore: up harmony

* chore: up composer

* refactor: change hook logs to debug

* fix: scroll to post right after adding to dom

* fix: hash scrolling and highlighting correct post

* test: re-enable read API schema tests

* fix: add back schema changes for 179faa2270 and c3920ccb10

* fix: schema changes from 488f0978a4

* fix: schema changes for f4cf482a87

* fix: schema update for be6bbabd0e

* fix: schema changes for 69c96078ea

* fix: schema changes for d1364c3130

* fix: schema changes for 84ff1152f7

* fix: schema changes for b860c2605c

* fix: schema changes for 23cb67a112

* fix: schema changes for b916e42f40

* fix: schema change for a9bbb586fc

* fix: schema changes for 4b738c8cd3

* fix: schema changes for 58b5781cea

* fix: schema changes for 794bf01b21

* fix: schema changes for 80ea12c1c1, e368feef51, and 52ead114be

* fix: composer-default object in config?

* fix: schema changes for 9acdc6808c and 0930934200

* fix: schema changes for c0a52924f1

* fix: schema change for aba420a3f3, move loggedInUser to optional props

* fix: schema changes for 8c67031609

* fix: schema changes for 27e53b42f3

* fix: schema changes for 2835966518

* fix: breaking test for email confirmation API call

* fix: schema changes for refactored search page

* fix: schema changes for user object

* fix: schema changes for 9f531f957e

* fix: schema changes for c4042c70de and 23175110a2

* fix: schema changes for 9b3616b103

* fix: schema changes for 5afd5de07d

* fix: schema change for 1d7baf1217

* fix: schema changes for 57bfb37c55 and be6bbabd0e

* fix: schema changes for 6e86b4afa2 and 3efad2e13b and 68f66223e7

* fix: allowing optional qs prop in pagination keys (not sure why this didn't break before)

* fix: re-login on email change

* fix: schema changes for c926358d73

* fix: schema changes for 388a8270c9

* fix: schema change for 2658bcc821

* fix: no need to call account middlewares for chats routes

* fix: schema changes for 71743affc3

* fix: final schema changes

* test: support for anyOf and oneOf

* fix: check thumb

* dont scroll to top on back press

* remove group log

* fix: add top margin to merged and deleted alerts

* chore: up widgets

* fix: improve fix-lists mixin

* chore: up harmony/composer

* feat: allow hiding quicksearch results during search

* dont record searches made by composer

* chore: up 54

* chore: up spam be gone

* feat: add prev/next page and page count into mobile paginator

* chore: up harmony

* chore: up harmony

* use old style for IS

* fix: hide entire toolbar row if no posts or not singlePost

* fix: updated messaging for post-queue template, #11206

* fix: btn-sm on post queue back button

* fix: bump harmony, closes #11206

* fix: remove unused alert module import

* fix: bump harmony

* fix: bump harmony

* chore: up harmony

* refactor: IS scrolltop

* fix: update users:search-user-for-chat source string

* feat: support for mark-read toggle on chats dropdown and recent chats list

* feat: api v3 calls to mark chat read/unread

* feat: send event:chats.mark socket event on mark read or unread

* refactor: allow frontend to mark chats as unread, use new API v3 routes instead of socket calls, better frontend event handling

* docs: openapi schema updates for chat marking

* fix: allow unread state toggling in chats dropdown too

* fix: issue where repeated openings of the chats dropdown would continually add events for mark-read/unread

* fix: debug log

* refactor: move userSearch filter to a module

* feat(routes): allow remounting /categories (#11230)

* feat: send flags count to frontend on flags list page

* refactor: filter form client-side js to extract out some logic

* fix: applyFilters to not take any arguments, update selectedCids in updateButton instead of onHidden

* fix: use userFilter module for assignee, reporterId, targetUid

* fix(openapi): schema changes for updated flags page

* fix: dont allow adding duplicates to userFilter

* use same var

* remove log

* fix: closes #11282

* feat: lang key for x-topics

* chore: up harmony

* chore: up emoji

* chore: up harmony

* fix: update userFilter to allow new option `selectedBlock`

* fix: wrong block name passed to userFilter

* fix: https://github.com/NodeBB/NodeBB/issues/11283

* fix: chats, allow multiple dropdowns like in harmony

* chore: up harmony

* refactor: flag note adding/editing, closes #11285

* fix: remove old prepareEdit logic

* chore: add caveat about hacky code block in userFilter module

* fix: placeholders for userFilter module

* refactor: navigator so it works with multiple thumbs/navigators

* chore: up harmony

* fix: closes #11287, destroy quick reply autocomplete

on navigation

* fix: filter disabled categories on user categories page count

* chore: up harmony

* docs: update openapi spec to include info about passing in timestamps for topic creation, removing timestamp as valid request param for topic replying

* fix: send back null values on ACP search dashboard for startDate and endDate if not expicitly passed in, fix tests

* fix: tweak table order in ACP dash searches

* fix: only invoke navigator click drag on left mouse button

* feat: add back unread indicator to navigator

* clear bookmark on mark unread

* fix: navigator crash on ajaxify

* better thumb top calculation

* fix: reset user bookmark when topic is marked unread

* Revert "fix: reset user bookmark when topic is marked unread"

This reverts commit 9bcd85c2c6.

* fix: update unread indicator on scroll, add unread count

* chore: bump harmony

* fix: crash on navigator unread update when backing out of a topic

* fix: closes #11183

* fix: update topics:recent zset when rescheduling a topic

* fix: dupe quote button, increase delay, hide immediately on empty selection

* fix: navigator not showing up on first load

* refactor: remove glance

assorted fixes to navigator
dont reduce remaning count if user scrolls down and up quickly
only call topic.navigatorCallback when index changes

* more sanity checks for bookmark

dont allow setting bookmark higher than topic postcount

* closes #11218, 🚋

* Revert "fix: update topics:recent zset when rescheduling a topic"

This reverts commit 737973cca9.

* fix: #11306, show proper error if queued post doesn't exist

was showing no-privileges if someone else accepted the post

* https://github.com/NodeBB/NodeBB/issues/11307

dont use li

* chore: up harmony

* chore: bump version string

* fix: copy paste fail

* feat: closes #7382, tag filtering

add client side support for filtering by tags on /category, /recent and /unread

* chore: up harmony

* chore: up harmony

* Revert "fix: add back req.query fallback for backwards compatibility" [breaking]

This reverts commit cf6cc2c454.
This commit is no longer required as passing in a CSRF token via query parameter is no longer supported as of NodeBB v3.x

This is a breaking change.

* fix: pass csrf token in form data, re: NodeBB/NodeBB#11309

* chore: up deps

* fix: tests, use x-csrf-token query param removed

* test: fix csrf_token

* lint: remove unused

* feat: add itemprop="image" to avatar helper

* fix: get chat upload button in chat modal

* breaking: remove deprecated socket.io methods

* test: update messaging tests to not use sockets

* fix: parent post links

* fix: prevent post tooltip if mouse leaves before data/tpl is loaded

* chore: up harmony

* chore: up harmony

* chore: up harmony

* chore: up harmony

* fix: nested replies indices

* fix(deps): bump 2factor

* feat: add loggedIn user to all api routes

* chore: up themes

* refactor: audit admin v3 write api routes as per #11321

* refactor: audit category v3 write api routes as per #11321 [breaking]

docs: fix open api spec for #11321

* refactor: audit chat v3 write api routes as per #11321

* refactor: audit files v3 write api routes as per #11321

* refactor: audit flags v3 write api routes as per #11321

* refactor: audit posts v3 write api routes as per #11321

* refactor: audit topics v3 write api routes as per #11321

* refactor: audit users v3 write api routes as per #11321

* fix: lang string

* remove min height

* fix: empty topic/labels taking up space

* fix: tag filtering when changing filter to watched topics

or changing popular time limit to month

* chore: up harmony

* fix: closes #11354, show no post error if queued post already accepted/rejected

* test: #11354

* test: #11354

* fix(deps): bump 2factor

* fix: #11357 clear cache on thumb remove

* fix: thumb remove on windows, closes #11357

* test: openapi for thumbs

* test: fix openapi

---------

Co-authored-by: Julian Lam <julian@nodebb.org>
Co-authored-by: Opliko <opliko.reg@protonmail.com>
2023-03-17 11:58:31 -04:00

350 lines
11 KiB
JavaScript
Raw Blame History

'use strict';
const validator = require('validator');
const _ = require('lodash');
const utils = require('../utils');
const user = require('../user');
const posts = require('../posts');
const topics = require('../topics');
const groups = require('../groups');
const meta = require('../meta');
const events = require('../events');
const privileges = require('../privileges');
const apiHelpers = require('./helpers');
const websockets = require('../socket.io');
const socketHelpers = require('../socket.io/helpers');
const postsAPI = module.exports;
postsAPI.get = async function (caller, data) {
const [userPrivileges, post, voted] = await Promise.all([
privileges.posts.get([data.pid], caller.uid),
posts.getPostData(data.pid),
posts.hasVoted(data.pid, caller.uid),
]);
if (!post) {
return null;
}
Object.assign(post, voted);
const userPrivilege = userPrivileges[0];
if (!userPrivilege.read || !userPrivilege['topics:read']) {
return null;
}
post.ip = userPrivilege.isAdminOrMod ? post.ip : undefined;
const selfPost = caller.uid && caller.uid === parseInt(post.uid, 10);
if (post.deleted && !(userPrivilege.isAdminOrMod || selfPost)) {
post.content = '[[topic:post_is_deleted]]';
}
return post;
};
postsAPI.edit = async function (caller, data) {
if (!data || !data.pid || (meta.config.minimumPostLength !== 0 && !data.content)) {
throw new Error('[[error:invalid-data]]');
}
if (!caller.uid) {
throw new Error('[[error:not-logged-in]]');
}
// Trim and remove HTML (latter for composers that send in HTML, like redactor)
const contentLen = utils.stripHTMLTags(data.content).trim().length;
if (data.title && data.title.length < meta.config.minimumTitleLength) {
throw new Error(`[[error:title-too-short, ${meta.config.minimumTitleLength}]]`);
} else if (data.title && data.title.length > meta.config.maximumTitleLength) {
throw new Error(`[[error:title-too-long, ${meta.config.maximumTitleLength}]]`);
} else if (meta.config.minimumPostLength !== 0 && contentLen < meta.config.minimumPostLength) {
throw new Error(`[[error:content-too-short, ${meta.config.minimumPostLength}]]`);
} else if (contentLen > meta.config.maximumPostLength) {
throw new Error(`[[error:content-too-long, ${meta.config.maximumPostLength}]]`);
}
data.uid = caller.uid;
data.req = apiHelpers.buildReqObject(caller);
data.timestamp = parseInt(data.timestamp, 10) || Date.now();
const editResult = await posts.edit(data);
if (editResult.topic.isMainPost) {
await topics.thumbs.migrate(data.uuid, editResult.topic.tid);
}
const selfPost = parseInt(caller.uid, 10) === parseInt(editResult.post.uid, 10);
if (!selfPost && editResult.post.changed) {
await events.log({
type: `post-edit`,
uid: caller.uid,
ip: caller.ip,
pid: editResult.post.pid,
oldContent: editResult.post.oldContent,
newContent: editResult.post.newContent,
});
}
if (editResult.topic.renamed) {
await events.log({
type: 'topic-rename',
uid: caller.uid,
ip: caller.ip,
tid: editResult.topic.tid,
oldTitle: validator.escape(String(editResult.topic.oldTitle)),
newTitle: validator.escape(String(editResult.topic.title)),
});
}
const postObj = await posts.getPostSummaryByPids([editResult.post.pid], caller.uid, {});
const returnData = { ...postObj[0], ...editResult.post };
returnData.topic = { ...postObj[0].topic, ...editResult.post.topic };
if (!editResult.post.deleted) {
websockets.in(`topic_${editResult.topic.tid}`).emit('event:post_edited', editResult);
return returnData;
}
const memberData = await groups.getMembersOfGroups([
'administrators',
'Global Moderators',
`cid:${editResult.topic.cid}:privileges:moderate`,
`cid:${editResult.topic.cid}:privileges:groups:moderate`,
]);
const uids = _.uniq(_.flatten(memberData).concat(String(caller.uid)));
uids.forEach(uid => websockets.in(`uid_${uid}`).emit('event:post_edited', editResult));
return returnData;
};
postsAPI.delete = async function (caller, data) {
await deleteOrRestore(caller, data, {
command: 'delete',
event: 'event:post_deleted',
type: 'post-delete',
});
};
postsAPI.restore = async function (caller, data) {
await deleteOrRestore(caller, data, {
command: 'restore',
event: 'event:post_restored',
type: 'post-restore',
});
};
async function deleteOrRestore(caller, data, params) {
if (!data || !data.pid) {
throw new Error('[[error:invalid-data]]');
}
const postData = await posts.tools[params.command](caller.uid, data.pid);
const results = await isMainAndLastPost(data.pid);
if (results.isMain && results.isLast) {
await deleteOrRestoreTopicOf(params.command, data.pid, caller);
}
websockets.in(`topic_${postData.tid}`).emit(params.event, postData);
await events.log({
type: params.type,
uid: caller.uid,
pid: data.pid,
tid: postData.tid,
ip: caller.ip,
});
}
async function deleteOrRestoreTopicOf(command, pid, caller) {
const topic = await posts.getTopicFields(pid, ['tid', 'cid', 'deleted', 'scheduled']);
// exempt scheduled topics from being deleted/restored
if (topic.scheduled) {
return;
}
// command: delete/restore
await apiHelpers.doTopicAction(
command,
topic.deleted ? 'event:topic_restored' : 'event:topic_deleted',
caller,
{ tids: [topic.tid], cid: topic.cid }
);
}
postsAPI.purge = async function (caller, data) {
if (!data || !parseInt(data.pid, 10)) {
throw new Error('[[error:invalid-data]]');
}
const results = await isMainAndLastPost(data.pid);
if (results.isMain && !results.isLast) {
throw new Error('[[error:cant-purge-main-post]]');
}
const isMainAndLast = results.isMain && results.isLast;
const postData = await posts.getPostFields(data.pid, ['toPid', 'tid']);
postData.pid = data.pid;
const canPurge = await privileges.posts.canPurge(data.pid, caller.uid);
if (!canPurge) {
throw new Error('[[error:no-privileges]]');
}
require('../posts/cache').del(data.pid);
await posts.purge(data.pid, caller.uid);
websockets.in(`topic_${postData.tid}`).emit('event:post_purged', postData);
const topicData = await topics.getTopicFields(postData.tid, ['title', 'cid']);
await events.log({
type: 'post-purge',
pid: data.pid,
uid: caller.uid,
ip: caller.ip,
tid: postData.tid,
title: String(topicData.title),
});
if (isMainAndLast) {
await apiHelpers.doTopicAction(
'purge',
'event:topic_purged',
caller,
{ tids: [postData.tid], cid: topicData.cid }
);
}
};
async function isMainAndLastPost(pid) {
const [isMain, topicData] = await Promise.all([
posts.isMain(pid),
posts.getTopicFields(pid, ['postcount']),
]);
return {
isMain: isMain,
isLast: topicData && topicData.postcount === 1,
};
}
postsAPI.move = async function (caller, data) {
if (!caller.uid) {
throw new Error('[[error:not-logged-in]]');
}
if (!data || !data.pid || !data.tid) {
throw new Error('[[error:invalid-data]]');
}
const canMove = await Promise.all([
privileges.topics.isAdminOrMod(data.tid, caller.uid),
privileges.posts.canMove(data.pid, caller.uid),
]);
if (!canMove.every(Boolean)) {
throw new Error('[[error:no-privileges]]');
}
await topics.movePostToTopic(caller.uid, data.pid, data.tid);
const [postDeleted, topicDeleted] = await Promise.all([
posts.getPostField(data.pid, 'deleted'),
topics.getTopicField(data.tid, 'deleted'),
await events.log({
type: `post-move`,
uid: caller.uid,
ip: caller.ip,
pid: data.pid,
toTid: data.tid,
}),
]);
if (!postDeleted && !topicDeleted) {
socketHelpers.sendNotificationToPostOwner(data.pid, caller.uid, 'move', 'notifications:moved_your_post');
}
};
postsAPI.upvote = async function (caller, data) {
return await apiHelpers.postCommand(caller, 'upvote', 'voted', 'notifications:upvoted_your_post_in', data);
};
postsAPI.downvote = async function (caller, data) {
return await apiHelpers.postCommand(caller, 'downvote', 'voted', '', data);
};
postsAPI.unvote = async function (caller, data) {
return await apiHelpers.postCommand(caller, 'unvote', 'voted', '', data);
};
postsAPI.bookmark = async function (caller, data) {
return await apiHelpers.postCommand(caller, 'bookmark', 'bookmarked', '', data);
};
postsAPI.unbookmark = async function (caller, data) {
return await apiHelpers.postCommand(caller, 'unbookmark', 'bookmarked', '', data);
};
async function diffsPrivilegeCheck(pid, uid) {
const [deleted, privilegesData] = await Promise.all([
posts.getPostField(pid, 'deleted'),
privileges.posts.get([pid], uid),
]);
const allowed = privilegesData[0]['posts:history'] && (deleted ? privilegesData[0]['posts:view_deleted'] : true);
if (!allowed) {
throw new Error('[[error:no-privileges]]');
}
}
postsAPI.getDiffs = async (caller, data) => {
await diffsPrivilegeCheck(data.pid, caller.uid);
const timestamps = await posts.diffs.list(data.pid);
const post = await posts.getPostFields(data.pid, ['timestamp', 'uid']);
const diffs = await posts.diffs.get(data.pid);
const uids = diffs.map(diff => diff.uid || null);
uids.push(post.uid);
let usernames = await user.getUsersFields(uids, ['username']);
usernames = usernames.map(userObj => (userObj.uid ? userObj.username : null));
const cid = await posts.getCidByPid(data.pid);
const [isAdmin, isModerator] = await Promise.all([
user.isAdministrator(caller.uid),
privileges.users.isModerator(caller.uid, cid),
]);
// timestamps returned by posts.diffs.list are strings
timestamps.push(String(post.timestamp));
return {
timestamps: timestamps,
revisions: timestamps.map((timestamp, idx) => ({
timestamp: timestamp,
username: usernames[idx],
})),
// Only admins, global mods and moderator of that cid can delete a diff
deletable: isAdmin || isModerator,
// These and post owners can restore to a different post version
editable: isAdmin || isModerator || parseInt(caller.uid, 10) === parseInt(post.uid, 10),
};
};
postsAPI.loadDiff = async (caller, data) => {
await diffsPrivilegeCheck(data.pid, caller.uid);
return await posts.diffs.load(data.pid, data.since, caller.uid);
};
postsAPI.restoreDiff = async (caller, data) => {
const cid = await posts.getCidByPid(data.pid);
const canEdit = await privileges.categories.can('posts:edit', cid, caller.uid);
if (!canEdit) {
throw new Error('[[error:no-privileges]]');
}
const edit = await posts.diffs.restore(data.pid, data.since, caller.uid, apiHelpers.buildReqObject(caller));
websockets.in(`topic_${edit.topic.tid}`).emit('event:post_edited', edit);
};
postsAPI.deleteDiff = async (caller, { pid, timestamp }) => {
const cid = await posts.getCidByPid(pid);
const [isAdmin, isModerator] = await Promise.all([
privileges.users.isAdministrator(caller.uid),
privileges.users.isModerator(caller.uid, cid),
]);
if (!(isAdmin || isModerator)) {
throw new Error('[[error:no-privileges]]');
}
await posts.diffs.delete(pid, timestamp, caller.uid);
};
Reference in New Issue View Git Blame Copy Permalink