hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #5769 from NodeBB/private-feeds

Browse Source 
Private feeds, closes #5740
v1.18.x
Barış Soner Uşaklı 8 years ago committed by GitHub
parent 05434afed1 77994dcf69
commit 8d8f0a391f
6 changed files with 371 additions and 209 deletions
Show Stats Download Patch File Download Diff File

15
src/controllers/category.js
Unescape Escape View File

@ -22,6 +22,7 @@ categoryController.get = function (req, res, callback) {
var pageCount = 1;
var userPrivileges;
var settings;
var rssToken;
if ((req.params.topic_index && !utils.isNumber(req.params.topic_index)) || !utils.isNumber(cid)) {
return callback();
@ -39,10 +40,14 @@ categoryController.get = function (req, res, callback) {
userSettings: function (next) {
user.getSettings(req.uid, next);
},
rssToken: function (next) {
user.auth.getFeedToken(req.uid, next);
},
}, next);
},
function (results, next) {
userPrivileges = results.privileges;
rssToken = results.rssToken;
if (!results.categoryData.slug || (results.categoryData && parseInt(results.categoryData.disabled, 10) === 1)) {
return callback();
@ -149,15 +154,15 @@ categoryController.get = function (req, res, callback) {
categoryData.description = translator.escape(categoryData.description);
categoryData.privileges = userPrivileges;
categoryData.showSelect = categoryData.privileges.editable;
addTags(categoryData, res);
categoryData.rssFeedUrl = nconf.get('url') + '/category/' + categoryData.cid + '.rss';
if (parseInt(req.uid, 10)) {
categories.markAsRead([cid], req.uid);
categoryData.rssFeedUrl += '?uid=' + req.uid + '&token=' + rssToken;
}
addTags(categoryData, res);
categoryData['feeds:disableRSS'] = parseInt(meta.config['feeds:disableRSS'], 10) === 1;
categoryData.rssFeedUrl = nconf.get('relative_path') + '/category/' + categoryData.cid + '.rss';
categoryData.title = translator.escape(categoryData.name);
pageCount = Math.max(1, Math.ceil(categoryData.topic_count / settings.topicsPerPage));
categoryData.pagination = pagination.create(currentPage, pageCount, req.query);
@ -220,7 +225,7 @@ function addTags(categoryData, res) {
{
rel: 'alternate',
type: 'application/rss+xml',
href: nconf.get('url') + '/category/' + categoryData.cid + '.rss',
href: categoryData.rssFeedUrl,
},
{
rel: 'up',

303
src/controllers/topics.js
Unescape Escape View File

@ -15,7 +15,7 @@ var helpers = require('./helpers');
var pagination = require('../pagination');
var utils = require('../utils');
var topicsController = {};
var topicsController = module.exports;
topicsController.get = function (req, res, callback) {
var tid = req.params.topic_id;
@ -23,6 +23,7 @@ topicsController.get = function (req, res, callback) {
var pageCount = 1;
var userPrivileges;
var settings;
var rssToken;
if ((req.params.post_index && !utils.isNumber(req.params.post_index)) || !utils.isNumber(tid)) {
return callback();
@ -40,6 +41,9 @@ topicsController.get = function (req, res, callback) {
topic: function (next) {
topics.getTopicData(tid, next);
},
rssToken: function (next) {
user.auth.getFeedToken(req.uid, next);
},
}, next);
},
function (results, next) {
@ -48,6 +52,7 @@ topicsController.get = function (req, res, callback) {
}
userPrivileges = results.privileges;
rssToken = results.rssToken;
if (!userPrivileges['topics:read'] || (parseInt(results.topic.deleted, 10) && !userPrivileges.view_deleted)) {
return helpers.notAllowed(req, res);
@ -129,167 +134,173 @@ topicsController.get = function (req, res, callback) {
plugins.fireHook('filter:controllers.topic.get', { topicData: topicData, uid: req.uid }, next);
},
function (data, next) {
var breadcrumbs = [
{
text: data.topicData.category.name,
url: nconf.get('relative_path') + '/category/' + data.topicData.category.slug,
},
{
text: data.topicData.title,
},
];
helpers.buildCategoryBreadcrumbs(data.topicData.category.parentCid, function (err, crumbs) {
if (err) {
return next(err);
}
data.topicData.breadcrumbs = crumbs.concat(breadcrumbs);
next(null, data.topicData);
});
buildBreadcrumbs(data.topicData, next);
},
function (topicData, next) {
function findPost(index) {
for (var i = 0; i < topicData.posts.length; i += 1) {
if (parseInt(topicData.posts[i].index, 10) === parseInt(index, 10)) {
return topicData.posts[i];
}
}
function (topicData) {
topicData.privileges = userPrivileges;
topicData.topicStaleDays = parseInt(meta.config.topicStaleDays, 10) || 60;
topicData['reputation:disabled'] = parseInt(meta.config['reputation:disabled'], 10) === 1;
topicData['downvote:disabled'] = parseInt(meta.config['downvote:disabled'], 10) === 1;
topicData['feeds:disableRSS'] = parseInt(meta.config['feeds:disableRSS'], 10) === 1;
topicData.bookmarkThreshold = parseInt(meta.config.bookmarkThreshold, 10) || 5;
topicData.postEditDuration = parseInt(meta.config.postEditDuration, 10) || 0;
topicData.postDeleteDuration = parseInt(meta.config.postDeleteDuration, 10) || 0;
topicData.scrollToMyPost = settings.scrollToMyPost;
topicData.rssFeedUrl = nconf.get('relative_path') + '/topic/' + topicData.tid + '.rss';
if (req.uid) {
topicData.rssFeedUrl += '?uid=' + req.uid + '&token=' + rssToken;
}
var description = '';
var postAtIndex = findPost(Math.max(0, req.params.post_index - 1));
topicData.postIndex = req.params.post_index;
topicData.pagination = pagination.create(currentPage, pageCount, req.query);
topicData.pagination.rel.forEach(function (rel) {
rel.href = nconf.get('url') + '/topic/' + topicData.slug + rel.href;
res.locals.linkTags.push(rel);
});
if (postAtIndex && postAtIndex.content) {
description = S(postAtIndex.content).decodeHTMLEntities().stripTags().s;
req.session.tids_viewed = req.session.tids_viewed || {};
if (!req.session.tids_viewed[tid] || req.session.tids_viewed[tid] < Date.now() - 3600000) {
topics.increaseViewCount(tid);
req.session.tids_viewed[tid] = Date.now();
}
if (description.length > 255) {
description = description.substr(0, 255) + '...';
}
addTags(topicData, req, res);
var ogImageUrl = '';
if (topicData.thumb) {
ogImageUrl = topicData.thumb;
} else if (postAtIndex && postAtIndex.user && postAtIndex.user.picture) {
ogImageUrl = postAtIndex.user.picture;
} else if (meta.config['og:image']) {
ogImageUrl = meta.config['og:image'];
} else if (meta.config['brand:logo']) {
ogImageUrl = meta.config['brand:logo'];
} else {
ogImageUrl = '/logo.png';
}
if (typeof ogImageUrl === 'string' && ogImageUrl.indexOf('http') === -1) {
ogImageUrl = nconf.get('url') + ogImageUrl;
if (req.uid) {
topics.markAsRead([tid], req.uid, function (err, markedRead) {
if (err) {
return callback(err);
}
if (markedRead) {
topics.pushUnreadCount(req.uid);
topics.markTopicNotificationsRead([tid], req.uid);
}
});
}
description = description.replace(/\n/g, ' ');
res.locals.metaTags = [
{
name: 'title',
content: topicData.titleRaw,
},
{
name: 'description',
content: description,
},
{
property: 'og:title',
content: topicData.titleRaw,
},
{
property: 'og:description',
content: description,
},
{
property: 'og:type',
content: 'article',
},
{
property: 'og:image',
content: ogImageUrl,
noEscape: true,
},
{
property: 'og:image:url',
content: ogImageUrl,
noEscape: true,
},
{
property: 'article:published_time',
content: utils.toISOString(topicData.timestamp),
},
{
property: 'article:modified_time',
content: utils.toISOString(topicData.lastposttime),
},
{
property: 'article:section',
content: topicData.category ? topicData.category.name : '',
},
];
res.locals.linkTags = [
{
rel: 'alternate',
type: 'application/rss+xml',
href: nconf.get('url') + '/topic/' + tid + '.rss',
},
];
res.render('topic', topicData);
},
], callback);
};
if (topicData.category) {
res.locals.linkTags.push({
rel: 'up',
href: nconf.get('url') + '/category/' + topicData.category.slug,
});
}
function buildBreadcrumbs(topicData, callback) {
var breadcrumbs = [
{
text: topicData.category.name,
url: nconf.get('relative_path') + '/category/' + topicData.category.slug,
},
{
text: topicData.title,
},
];
async.waterfall([
function (next) {
helpers.buildCategoryBreadcrumbs(topicData.category.parentCid, next);
},
function (crumbs, next) {
topicData.breadcrumbs = crumbs.concat(breadcrumbs);
next(null, topicData);
},
], function (err, data) {
if (err) {
return callback(err);
], callback);
}
function addTags(topicData, req, res) {
function findPost(index) {
for (var i = 0; i < topicData.posts.length; i += 1) {
if (parseInt(topicData.posts[i].index, 10) === parseInt(index, 10)) {
return topicData.posts[i];
}
}
}
var description = '';
var postAtIndex = findPost(Math.max(0, req.params.post_index - 1));
data.privileges = userPrivileges;
data.topicStaleDays = parseInt(meta.config.topicStaleDays, 10) || 60;
data['reputation:disabled'] = parseInt(meta.config['reputation:disabled'], 10) === 1;
data['downvote:disabled'] = parseInt(meta.config['downvote:disabled'], 10) === 1;
data['feeds:disableRSS'] = parseInt(meta.config['feeds:disableRSS'], 10) === 1;
data.bookmarkThreshold = parseInt(meta.config.bookmarkThreshold, 10) || 5;
data.postEditDuration = parseInt(meta.config.postEditDuration, 10) || 0;
data.postDeleteDuration = parseInt(meta.config.postDeleteDuration, 10) || 0;
data.scrollToMyPost = settings.scrollToMyPost;
data.rssFeedUrl = nconf.get('relative_path') + '/topic/' + data.tid + '.rss';
data.postIndex = req.params.post_index;
data.pagination = pagination.create(currentPage, pageCount, req.query);
data.pagination.rel.forEach(function (rel) {
rel.href = nconf.get('url') + '/topic/' + data.slug + rel.href;
res.locals.linkTags.push(rel);
});
if (postAtIndex && postAtIndex.content) {
description = S(postAtIndex.content).decodeHTMLEntities().stripTags().s;
}
req.session.tids_viewed = req.session.tids_viewed || {};
if (!req.session.tids_viewed[tid] || req.session.tids_viewed[tid] < Date.now() - 3600000) {
topics.increaseViewCount(tid);
req.session.tids_viewed[tid] = Date.now();
}
if (description.length > 255) {
description = description.substr(0, 255) + '...';
}
if (req.uid) {
topics.markAsRead([tid], req.uid, function (err, markedRead) {
if (err) {
return callback(err);
}
if (markedRead) {
topics.pushUnreadCount(req.uid);
topics.markTopicNotificationsRead([tid], req.uid);
}
});
}
var ogImageUrl = '';
if (topicData.thumb) {
ogImageUrl = topicData.thumb;
} else if (postAtIndex && postAtIndex.user && postAtIndex.user.picture) {
ogImageUrl = postAtIndex.user.picture;
} else if (meta.config['og:image']) {
ogImageUrl = meta.config['og:image'];
} else if (meta.config['brand:logo']) {
ogImageUrl = meta.config['brand:logo'];
} else {
ogImageUrl = '/logo.png';
}
res.render('topic', data);
});
};
if (typeof ogImageUrl === 'string' && ogImageUrl.indexOf('http') === -1) {
ogImageUrl = nconf.get('url') + ogImageUrl;
}
description = description.replace(/\n/g, ' ');
res.locals.metaTags = [
{
name: 'title',
content: topicData.titleRaw,
},
{
name: 'description',
content: description,
},
{
property: 'og:title',
content: topicData.titleRaw,
},
{
property: 'og:description',
content: description,
},
{
property: 'og:type',
content: 'article',
},
{
property: 'og:image',
content: ogImageUrl,
noEscape: true,
},
{
property: 'og:image:url',
content: ogImageUrl,
noEscape: true,
},
{
property: 'article:published_time',
content: utils.toISOString(topicData.timestamp),
},
{
property: 'article:modified_time',
content: utils.toISOString(topicData.lastposttime),
},
{
property: 'article:section',
content: topicData.category ? topicData.category.name : '',
},
];
res.locals.linkTags = [
{
rel: 'alternate',
type: 'application/rss+xml',
href: topicData.rssFeedUrl,
},
];
if (topicData.category) {
res.locals.linkTags.push({
rel: 'up',
href: nconf.get('url') + '/category/' + topicData.category.slug,
});
}
}
topicsController.teaser = function (req, res, next) {
var tid = req.params.topic_id;
@ -355,5 +366,3 @@ topicsController.pagination = function (req, res, callback) {
res.json(paginationData);
});
};
module.exports = topicsController;

155
src/routes/feeds.js
Unescape Escape View File

@ -26,6 +26,45 @@ module.exports = function (app, middleware) {
app.get('/tags/:tag.rss', middleware.maintenanceMode, generateForTag);
};
function validateTokenIfRequiresLogin(requiresLogin, cid, req, res, callback) {
var uid = req.query.uid;
var token = req.query.token;
if (!requiresLogin) {
return callback();
}
if (!uid || !token) {
return helpers.notAllowed(req, res);
}
async.waterfall([
function (next) {
user.getUserField(uid, 'rss_token', next);
},
function (_token, next) {
if (token === _token) {
async.waterfall([
function (next) {
privileges.categories.get(cid, uid, next);
},
function (privileges, next) {
if (!privileges.read) {
return helpers.notAllowed(req, res);
}
next();
},
], callback);
return;
}
user.auth.logAttempt(uid, req.ip, next);
},
function () {
helpers.notAllowed(req, res);
},
], callback);
}
function generateForTopic(req, res, callback) {
if (parseInt(meta.config['feeds:disableRSS'], 10) === 1) {
return controllers404.send404(req, res);
@ -33,6 +72,7 @@ function generateForTopic(req, res, callback) {
var tid = req.params.topic_id;
var userPrivileges;
var topic;
async.waterfall([
function (next) {
async.parallel({
@ -48,11 +88,12 @@ function generateForTopic(req, res, callback) {
if (!results.topic || (parseInt(results.topic.deleted, 10) && !results.privileges.view_deleted)) {
return controllers404.send404(req, res);
}
if (!results.privileges['topics:read']) {
return helpers.notAllowed(req, res);
}
userPrivileges = results.privileges;
topics.getTopicWithPosts(results.topic, 'tid:' + tid + ':posts', req.uid, 0, 25, false, next);
topic = results.topic;
validateTokenIfRequiresLogin(!results.privileges['topics:read'], results.topic.cid, req, res, next);
},
function (next) {
topics.getTopicWithPosts(topic, 'tid:' + tid + ':posts', req.uid || req.query.uid || 0, 0, 25, false, next);
},
function (topicData) {
topics.modifyPostsByPrivilege(topicData, userPrivileges);
@ -95,40 +136,12 @@ function generateForTopic(req, res, callback) {
], callback);
}
function generateForUserTopics(req, res, callback) {
if (parseInt(meta.config['feeds:disableRSS'], 10) === 1) {
return controllers404.send404(req, res);
}
var userslug = req.params.userslug;
async.waterfall([
function (next) {
user.getUidByUserslug(userslug, next);
},
function (uid, next) {
if (!uid) {
return callback();
}
user.getUserFields(uid, ['uid', 'username'], next);
},
function (userData, next) {
generateForTopics({
uid: req.uid,
title: 'Topics by ' + userData.username,
description: 'A list of topics that are posted by ' + userData.username,
feed_url: '/user/' + userslug + '/topics.rss',
site_url: '/user/' + userslug + '/topics',
}, 'uid:' + userData.uid + ':topics', req, res, next);
},
], callback);
}
function generateForCategory(req, res, next) {
if (parseInt(meta.config['feeds:disableRSS'], 10) === 1) {
return controllers404.send404(req, res);
}
var cid = req.params.category_id;
var category;
async.waterfall([
function (next) {
@ -143,22 +156,23 @@ function generateForCategory(req, res, next) {
reverse: true,
start: 0,
stop: 25,
uid: req.uid,
uid: req.uid || req.query.uid || 0,
}, next);
},
}, next);
},
function (results, next) {
if (!results.privileges.read) {
return helpers.notAllowed(req, res);
}
category = results.category;
validateTokenIfRequiresLogin(!results.privileges.read, cid, req, res, next);
},
function (next) {
generateTopicsFeed({
uid: req.uid,
title: results.category.name,
description: results.category.description,
uid: req.uid || req.query.uid || 0,
title: category.name,
description: category.description,
feed_url: '/category/' + cid + '.rss',
site_url: '/category/' + results.category.cid,
}, results.category.topics, next);
site_url: '/category/' + category.cid,
}, category.topics, next);
},
function (feed) {
sendFeed(feed, res);
@ -292,12 +306,13 @@ function generateForRecentPosts(req, res, next) {
], next);
}
function generateForCategoryRecentPosts(req, res, next) {
function generateForCategoryRecentPosts(req, res, callback) {
if (parseInt(meta.config['feeds:disableRSS'], 10) === 1) {
return controllers404.send404(req, res);
}
var cid = req.params.category_id;
var category;
var posts;
async.waterfall([
function (next) {
async.parallel({
@ -308,29 +323,29 @@ function generateForCategoryRecentPosts(req, res, next) {
categories.getCategoryData(cid, next);
},
posts: function (next) {
categories.getRecentReplies(cid, req.uid, 20, next);
categories.getRecentReplies(cid, req.uid || req.query.uid || 0, 20, next);
},
}, next);
},
function (results, next) {
if (!results.category) {
return next();
}
if (!results.privileges.read) {
return helpers.notAllowed(req, res);
return controllers404.send404(req, res);
}
category = results.category;
posts = results.posts;
validateTokenIfRequiresLogin(!results.privileges.read, cid, req, res, next);
},
function () {
var feed = generateForPostsFeed({
title: results.category.name + ' Recent Posts',
description: 'A list of recent posts from ' + results.category.name,
title: category.name + ' Recent Posts',
description: 'A list of recent posts from ' + category.name,
feed_url: '/category/' + cid + '/recentposts.rss',
site_url: '/category/' + cid + '/recentposts',
}, results.posts);
}, posts);
sendFeed(feed, res);
},
], next);
], callback);
}
function generateForPostsFeed(feedOptions, posts) {
@ -357,6 +372,35 @@ function generateForPostsFeed(feedOptions, posts) {
return feed;
}
function generateForUserTopics(req, res, callback) {
if (parseInt(meta.config['feeds:disableRSS'], 10) === 1) {
return controllers404.send404(req, res);
}
var userslug = req.params.userslug;
async.waterfall([
function (next) {
user.getUidByUserslug(userslug, next);
},
function (uid, next) {
if (!uid) {
return callback();
}
user.getUserFields(uid, ['uid', 'username'], next);
},
function (userData, next) {
generateForTopics({
uid: req.uid,
title: 'Topics by ' + userData.username,
description: 'A list of topics that are posted by ' + userData.username,
feed_url: '/user/' + userslug + '/topics.rss',
site_url: '/user/' + userslug + '/topics',
}, 'uid:' + userData.uid + ':topics', req, res, next);
},
], callback);
}
function generateForTag(req, res, next) {
if (parseInt(meta.config['feeds:disableRSS'], 10) === 1) {
return controllers404.send404(req, res);
@ -381,4 +425,3 @@ function sendFeed(feed, res) {
var xml = feed.xml();
res.type('xml').set('Content-Length', Buffer.byteLength(xml)).send(xml);
}

24
src/user/auth.js
Unescape Escape View File

@ -6,6 +6,7 @@ var db = require('../database');
var meta = require('../meta');
var events = require('../events');
var batch = require('../batch');
var utils = require('../utils');
module.exports = function (User) {
User.auth = {};
@ -47,6 +48,29 @@ module.exports = function (User) {
], callback);
};
User.auth.getFeedToken = function (uid, callback) {
if (!uid) {
return callback();
}
var token;
async.waterfall([
function (next) {
User.getUserField(uid, 'rss_token', next);
},
function (_token, next) {
token = _token || utils.generateUUID();
if (!_token) {
User.setUserField(uid, 'rss_token', token, next);
} else {
next();
}
},
function (next) {
next(null, token);
},
], callback);
};
User.auth.clearLoginAttempts = function (uid) {
db.delete('loginAttempts:' + uid);
};

5
src/user/profile.js
Unescape Escape View File

@ -283,7 +283,10 @@ module.exports = function (User) {
},
function (hashedPassword, next) {
async.parallel([
async.apply(User.setUserField, data.uid, 'password', hashedPassword),
async.apply(User.setUserFields, data.uid, {
password: hashedPassword,
rss_token: utils.generateUUID(),
}),
async.apply(User.reset.updateExpiry, data.uid),
async.apply(User.auth.revokeAllSessions, data.uid),
], function (err) {

78
test/feeds.js
Unescape Escape View File

@ -12,6 +12,7 @@ var groups = require('../src/groups');
var user = require('../src/user');
var meta = require('../src/meta');
var privileges = require('../src/privileges');
var helpers = require('./helpers');
describe('feeds', function () {
var tid;
@ -113,4 +114,81 @@ describe('feeds', function () {
});
});
});
describe('private feeds and tokens', function () {
var jar;
var rssToken;
before(function (done) {
helpers.loginUser('foo', 'barbar', function (err, _jar) {
assert.ifError(err);
jar = _jar;
done();
});
});
it('should load feed if its not private', function (done) {
request(nconf.get('url') + '/category/' + cid + '.rss', { }, function (err, res, body) {
assert.ifError(err);
assert.equal(res.statusCode, 200);
assert(body);
done();
});
});
it('should not allow access if uid or token is missing', function (done) {
privileges.categories.rescind(['read'], cid, 'guests', function (err) {
assert.ifError(err);
async.parallel({
test1: function (next) {
request(nconf.get('url') + '/category/' + cid + '.rss?uid=' + fooUid, { }, next);
},
test2: function (next) {
request(nconf.get('url') + '/category/' + cid + '.rss?token=sometoken', { }, next);
},
}, function (err, results) {
assert.ifError(err);
assert.equal(results.test1[0].statusCode, 200);
assert.equal(results.test2[0].statusCode, 200);
assert(results.test1[0].body.indexOf('Login to your account') !== -1);
assert(results.test2[0].body.indexOf('Login to your account') !== -1);
done();
});
});
});
it('should not allow access if token is wrong', function (done) {
request(nconf.get('url') + '/category/' + cid + '.rss?uid=' + fooUid + '&token=sometoken', { }, function (err, res, body) {
assert.ifError(err);
assert.equal(res.statusCode, 200);
assert(body.indexOf('Login to your account') !== -1);
done();
});
});
it('should allow access if token is correct', function (done) {
request(nconf.get('url') + '/api/category/' + cid, { jar: jar, json: true }, function (err, res, body) {
assert.ifError(err);
rssToken = body.rssFeedUrl.split('token')[1].slice(1);
request(nconf.get('url') + '/category/' + cid + '.rss?uid=' + fooUid + '&token=' + rssToken, { }, function (err, res, body) {
assert.ifError(err);
assert.equal(res.statusCode, 200);
assert(body);
done();
});
});
});
it('should not allow access if token is correct but has no privilege', function (done) {
privileges.categories.rescind(['read'], cid, 'registered-users', function (err) {
assert.ifError(err);
request(nconf.get('url') + '/category/' + cid + '.rss?uid=' + fooUid + '&token=' + rssToken, { }, function (err, res, body) {
assert.ifError(err);
assert.equal(res.statusCode, 200);
assert(body.indexOf('Login to your account') !== -1);
done();
});
});
});
});
});

Write Preview
Loading…
Cancel
Save