Make post editing a GET endpoint with perm check like editstaff/editcustompages, much more sensible

merge-requests/341/head
Thomas Lynch 1 year ago
parent 1191ec4dc8
commit b391c0cb66
  1. 7
      controllers/forms/actions.js
  2. 8
      controllers/pages.js
  3. 4
      db/boards.js
  4. 32
      db/posts.js
  5. 2
      gulp/res/js/filters.js
  6. 14
      models/pages/manage/editpost.js
  7. 1
      models/pages/manage/index.js
  8. 2
      views/mixins/post.pug

@ -93,12 +93,7 @@ module.exports = {
if (req.body.edit) {
//edit post only allows single post
//TODO: make this like editnews, a GET endpoint page
return res.render('editpost', {
'post': res.locals.posts[0],
'csrf': req.csrfToken(),
'referer': (req.headers.referer || `/${res.locals.posts[0].board}/manage/thread/${res.locals.posts[0].thread || res.locals.posts[0].postId}.html`) + `#${res.locals.posts[0].postId}`,
});
return res.redirect(`/${res.locals.posts[0].board}/manage/editpost/${res.locals.posts[0].thread || res.locals.posts[0].postId}.html`);
} else if (req.body.move) {
if (!res.locals.destinationBoard && !res.locals.destinationThread) {
return dynamicResponse(req, res, 400, 'message', {
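Review bot: The redirect added in the `req.body.edit` branch builds the edit URL from `res.locals.posts[0].thread || res.locals.posts[0].postId`, so for a reply it carries the thread's OP number, while the new `editpost/:id` route looks the post up by `postId`. A moderator who chooses Edit on a reply through the form would land on the edit page of a different post (the OP) and could overwrite it by mistake. The path should use the post's own number, as the `edit` case in filters.js does: ``return res.redirect(`/${res.locals.posts[0].board}/manage/editpost/${res.locals.posts[0].postId}.html`);``. The enclosing handler starts and ends outside the hunk.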

@ -18,7 +18,7 @@ const express = require('express')
, setMinimal = require(__dirname+'/../lib/middleware/misc/setminimal.js')
//page models
, { manageRecent, manageReports, manageAssets, manageSettings, manageBans, editCustomPage, manageMyPermissions,
manageBoard, manageThread, manageLogs, manageCatalog, manageCustomPages, manageStaff, editStaff } = require(__dirname+'/../models/pages/manage/')
manageBoard, manageThread, manageLogs, manageCatalog, manageCustomPages, manageStaff, editStaff, editPost } = require(__dirname+'/../models/pages/manage/')
, { globalManageSettings, globalManageReports, globalManageBans, globalManageBoards, editNews, editAccount, editRole,
globalManageRecent, globalManageAccounts, globalManageNews, globalManageLogs, globalManageRoles } = require(__dirname+'/../models/pages/globalmanage/')
, { changePassword, blockBypass, home, register, login, create, myPermissions, sessions, setupTwoFactor,
@ -45,7 +45,7 @@ router.get('/catalog.(html|json)', overboardCatalog); //overboard catalog view
//board pages
router.get('/:board/:page(1[0-9]{1,}|[2-9][0-9]{0,}|index).(html|json)', Boards.exists, board); //index
router.get('/:board/thread/:id([1-9][0-9]{0,}).(html|json)', Boards.exists, threadParamConverter, Posts.exists, thread); //thread view
router.get('/:board/thread/:id([1-9][0-9]{0,}).(html|json)', Boards.exists, threadParamConverter, Posts.threadExistsMiddleware, thread); //thread view
router.get('/:board/catalog.(html|json)', Boards.exists, catalog); //catalog
router.get('/:board/logs.(html|json)', Boards.exists, modloglist);//modlog list
router.get('/:board/logs/:date(\\d{2}-\\d{2}-\\d{4}).(html|json)', Boards.exists, logParamConverter, modlog); //daily log
@ -61,7 +61,9 @@ router.get('/:board/manage/catalog.html', useSession, sessionRefresh, isLoggedIn
router.get('/:board/manage/:page(1[0-9]{1,}|[2-9][0-9]{0,}|index).html', useSession, sessionRefresh, isLoggedIn, Boards.exists, calcPerms,
hasPerms.one(Permissions.MANAGE_BOARD_GENERAL), csrf, manageBoard);
router.get('/:board/manage/thread/:id([1-9][0-9]{0,}).html', useSession, sessionRefresh, isLoggedIn, Boards.exists, threadParamConverter, calcPerms,
hasPerms.one(Permissions.MANAGE_BOARD_GENERAL), csrf, Posts.exists, manageThread);
hasPerms.one(Permissions.MANAGE_BOARD_GENERAL), csrf, Posts.threadExistsMiddleware, manageThread);
router.get('/:board/manage/editpost/:id([1-9][0-9]{0,}).html', useSession, sessionRefresh, isLoggedIn, Boards.exists, threadParamConverter, calcPerms,
hasPerms.one(Permissions.MANAGE_BOARD_GENERAL), csrf, Posts.postExistsMiddleware, editPost);
router.get('/:board/manage/reports.(html|json)', useSession, sessionRefresh, isLoggedIn, Boards.exists, calcPerms,
hasPerms.one(Permissions.MANAGE_BOARD_GENERAL), csrf, manageReports);
router.get('/:board/manage/recent.(html|json)', useSession, sessionRefresh, isLoggedIn, Boards.exists, calcPerms,
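Review bot: The new `editpost/:id` route runs `:id` through `threadParamConverter` although the value is a post number, not a thread number, and nothing on the route says so. `Posts.postExistsMiddleware` matches `req.params.id` against `postId`, so the lookup presumably depends on that converter rewriting `req.params.id` to a number; the converter is not visible here and that should be confirmed. A trailing comment in the style of the board routes would record the contract, e.g. `//edit post form, :id is any postId (OP or reply)`.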

@ -518,7 +518,9 @@ module.exports = {
const increment = await db.findOneAndUpdate(
{
'_id': board
}, update, {
},
update,
{
'projection': {
'sequence_value': 1
}

@ -870,8 +870,8 @@ module.exports = {
threadExists: (board, thread) => {
return db.findOne({
'postId': thread,
'board': board,
'postId': thread,
'thread': null,
}, {
'projection': {
@ -882,13 +882,37 @@ module.exports = {
});
},
exists: async (req, res, next) => {
threadExistsMiddleware: async (req, res, next) => {
const thread = await module.exports.threadExists(req.params.board, req.params.id);
if (!thread) {
return res.status(404).render('404');
}
res.locals.thread = thread; // can acces this in views or next route handlers
res.locals.thread = thread;
next();
}
},
postExists: (board, postId) => {
return db.findOne({
'board': board,
'postId': postId,
}, {
'projection': {
'salt': 0 ,
'password': 0,
'ip': 0,
'reports': 0,
'globalreports': 0,
}
});
},
postExistsMiddleware: async (req, res, next) => {
const post = await module.exports.postExists(req.params.board, req.params.id);
if (!post) {
return res.status(404).render('404');
}
res.locals.post = post;
next();
},
};
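Review bot: `postExistsMiddleware` awaits the database lookup with no error path, so a rejected query never reaches `next(err)`. Under Express 4 (the version is not visible here) a rejection from an async middleware is not forwarded to the error handler, so the request would hang and the process would see an unhandled rejection. Wrapping the lookup as `try { post = await module.exports.postExists(req.params.board, req.params.id); } catch (err) { return next(err); }` lets the error handler answer instead. The renamed `threadExistsMiddleware` in the same hunk has the same shape and could take the same change.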

@ -265,6 +265,8 @@ const postMenuChange = function() {
break;
case 'moderate':
return moderatePost(postContainer);
case 'edit':
return window.location = `/${postDataset.board}/manage/editpost/${postDataset.postId}.html`;
case 'watch': {
const postMessage = postContainer.querySelector('.post-message');
const watcherSubject = (postDataset.subject || (postMessage && postMessage.textContent) || `#${postDataset.postId}`).substring(0, 25);

@ -0,0 +1,14 @@
'use strict';
module.exports = async (req, res) => {
return res
.set('Cache-Control', 'private, max-age=5')
.render('editpost', {
'csrf': req.csrfToken(),
'post': res.locals.post,
'board': res.locals.board,
'referer': (req.headers.referer || `/${res.locals.post.board}/manage/thread/${res.locals.post.thread || res.locals.post.postId}.html`) + `#${res.locals.post.postId}`,
});
};
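Review bot: `referer` is taken from `req.headers.referer` without checking where it points. Now that the edit form is a plain GET page it can be opened from a link on another site, in which case that header carries the external URL. If the `editpost` template uses the value as a return link or post-save redirect target (the template is not shown here), staff would be sent off-site after editing. Keep the header only when its host matches the request host and otherwise fall back to the computed manage-thread path, as sketched below.

```javascript
module.exports = async (req, res) => {
	const { board, thread, postId } = res.locals.post;
	const fallback = `/${board}/manage/thread/${thread || postId}.html`;
	let referer = fallback;
	try {
		// keep the Referer only when it points back at this site
		const parsed = new URL(req.headers.referer);
		if (parsed.hostname === req.hostname) {
			referer = parsed.pathname + parsed.search;
		}
	} catch (e) {
		// missing or malformed Referer: keep the fallback path
	}
	// … unchanged: Cache-Control header and render call, now passing `${referer}#${postId}` as 'referer' …
};
```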

@ -13,6 +13,7 @@ module.exports = {
manageCustomPages: require(__dirname+'/custompages.js'),
manageMyPermissions: require(__dirname+'/mypermissions.js'),
editCustomPage: require(__dirname+'/editcustompage.js'),
editPost: require(__dirname+'/editpost.js'),
manageStaff: require(__dirname+'/staff.js'),
editStaff: require(__dirname+'/editstaff.js'),
};

@ -78,6 +78,8 @@ mixin post(post, truncate, manage=false, globalmanage=false, ban=false, overboar
option(value='ftrip') Filter Tripcode
if !overboard && !ban
option(value='moderate') Moderate
if !ban
option(value='edit') Edit
if !post.thread
option(value='watch') Watch
option(value='playlist') Playlist
