// post.js // Copyright (C) 2021 Digital Telepresence, LLC // License: Apache-2.0 'use strict'; const express = require('express'); const multer = require('multer'); const { SiteController, SiteError } = require('../../lib/site-lib'); class PostController extends SiteController { constructor (dtp) { super(dtp, module.exports); } async start ( ) { const { dtp } = this; const { comment: commentService, limiter: limiterService, session: sessionService, } = dtp.services; const authRequired = sessionService.authCheckMiddleware({ requiredLogin: true }); const upload = multer({ dest: `/tmp/dtp-sites/${this.dtp.config.site.domainKey}`}); const router = express.Router(); dtp.app.use('/post', router); async function requireAuthorPrivileges (req, res, next) { if (req.user && req.user.flags.isAdmin) { return next(); } if (!req.user || !req.flags.isAdmin) { return next(new SiteError(403, 'Author or admin privileges are required')); } return next(); } router.use(async (req, res, next) => { res.locals.currentView = 'home'; return next(); }); router.param('username', this.populateUsername.bind(this)); router.param('postSlug', this.populatePostSlug.bind(this)); router.param('postId', this.populatePostId.bind(this)); router.param('commentId', commentService.populateCommentId.bind(commentService)); router.post('/:postSlug/comment/:commentId/block-author', authRequired, upload.none(), this.postBlockCommentAuthor.bind(this)); router.post('/:postSlug/comment', authRequired, upload.none(), this.postComment.bind(this)); router.post('/:postId/image', requireAuthorPrivileges, upload.single('imageFile'), this.postUpdateImage.bind(this)); router.post('/:postId', requireAuthorPrivileges, this.postUpdatePost.bind(this)); router.post('/:postId/tags', requireAuthorPrivileges, this.postUpdatePostTags.bind(this)); router.post('/', requireAuthorPrivileges, this.postCreatePost.bind(this)); router.get('/:postId/edit', requireAuthorPrivileges, this.getEditor.bind(this)); router.get('/compose', requireAuthorPrivileges, this.getComposer.bind(this)); router.get('/:postSlug/comment', limiterService.createMiddleware(limiterService.config.post.getComments), this.getComments.bind(this), ); router.get('/author/:username', limiterService.createMiddleware(limiterService.config.post.getIndex), this.getAuthorView.bind(this), ); router.get('/authors', limiterService.createMiddleware(limiterService.config.post.getAllAuthorsView), this.getAllAuthorsView.bind(this), ); router.get('/:postSlug', limiterService.createMiddleware(limiterService.config.post.getView), this.getView.bind(this), ); router.get('/', limiterService.createMiddleware(limiterService.config.post.getIndex), this.getIndex.bind(this), ); router.delete( '/:postId/profile-photo', // limiterService.createMiddleware(limiterService.config.post.deletePostFeatureImage), requireAuthorPrivileges, this.deletePostFeatureImage.bind(this), ); router.delete( '/:postId', requireAuthorPrivileges, this.deletePost.bind(this), ); router.get('/*', this.badRoute.bind(this) ); } async populateUsername (req, res, next, username) { const { user: userService } = this.dtp.services; try { res.locals.author = await userService.lookup(username); if (!res.locals.author) { throw new SiteError(404, 'User not found'); } return next(); } catch (error) { this.log.error('failed to populate username', { username, error }); return next(error); } } async populatePostSlug (req, res, next, postSlug) { const { post: postService } = this.dtp.services; try { res.locals.post = await postService.getBySlug(postSlug); if (!res.locals.post) { throw new SiteError(404, 'Post not found'); } return next(); } catch (error) { this.log.error('failed to populate postSlug', { postSlug, error }); return next(error); } } async populatePostId (req, res, next, postId) { const { post: postService } = this.dtp.services; try { res.locals.post = await postService.getById(postId); // these don't 404 if not found, it's fine. // An upsert is used to update or create. return next(); } catch (error) { this.log.error('failed to populate postId', { postId, error }); return next(error); } } async postBlockCommentAuthor (req, res) { const { user: userService } = this.dtp.services; try { const displayList = this.createDisplayList('add-recipient'); await userService.blockUser(req.user._id, req.body.userId); displayList.showNotification( 'Comment author blocked', 'success', 'bottom-center', 4000, ); res.status(200).json({ success: true, displayList }); } catch (error) { this.log.error('failed to report comment', { error }); return res.status(error.statusCode || 500).json({ success: false, message: error.message, }); } } async postComment (req, res) { const { comment: commentService } = this.dtp.services; try { const displayList = this.createDisplayList('add-recipient'); res.locals.comment = await commentService.create(req.user, 'Post', res.locals.post, req.body); displayList.setInputValue('textarea#content', ''); displayList.setTextContent('#comment-character-count', '0'); let viewModel = Object.assign({ }, req.app.locals); viewModel = Object.assign(viewModel, res.locals); const html = await commentService.renderTemplate('comment', viewModel); if (req.body.replyTo) { const replyListSelector = `.dtp-reply-list-container[data-comment-id="${req.body.replyTo}"]`; displayList.addElement(replyListSelector, 'afterBegin', html); displayList.removeAttribute(replyListSelector, 'hidden'); } else { displayList.addElement('ul#post-comment-list', 'afterBegin', html); } displayList.showNotification( 'Comment created', 'success', 'bottom-center', 4000, ); res.status(200).json({ success: true, displayList }); } catch (error) { res.status(error.statusCode || 500).json({ success: false, message: error.message }); } } async postUpdateImage (req, res) { const { post: postService } = this.dtp.services; try { const displayList = this.createDisplayList('post-image'); await postService.updateImage(req.user, res.locals.post, req.file); displayList.showNotification( 'Profile photo updated successfully.', 'success', 'bottom-center', 2000, ); res.status(200).json({ success: true, displayList }); } catch (error) { this.log.error('failed to update feature image', { error }); return res.status(error.statusCode || 500).json({ success: false, message: error.message, }); } } async deletePostFeatureImage (req, res) { res.status(500).json({ success: false, message: 'Removing the featured image is not yet implemented'}); } async postUpdatePost (req, res, next) { const { post: postService } = this.dtp.services; try { if(!req.user.flags.isAdmin){ if (!req.user._id.equals(res.locals.post.author._id) || !req.user.permissions.canPublishPosts) { throw new SiteError(403, 'This is not your post'); } } await postService.update(req.user, res.locals.post, req.body); res.redirect(`/post/${res.locals.post.slug}`); } catch (error) { this.log.error('failed to update post', { postId: res.locals.post._id, error }); return next(error); } } async postUpdatePostTags (req, res) { const { post: postService } = this.dtp.services; try { if(!req.user.flags.isAdmin) { if (!req.user._id.equals(res.locals.post.author._id)) { throw new SiteError(403, 'Only authors or admins can update tags.'); } } await postService.updateTags(req.user, res.locals.post, req.body); const displayList = this.createDisplayList(); displayList.showNotification( 'Profile photo updated successfully.', 'success', 'bottom-center', 2000, ); res.status(200).json({ success: true, displayList }); } catch (error) { this.log.error('failed to update post tags', { error }); return res.status(error.statusCode || 500).json({ success: false, message: error.message, }); } } async postCreatePost (req, res, next) { const { post: postService } = this.dtp.services; try { res.locals.post = await postService.create(req.user, req.body); res.redirect(`/post/${res.locals.post.slug}`); } catch (error) { this.log.error('failed to create post', { error }); return next(error); } } async getComments (req, res) { const { comment: commentService } = this.dtp.services; try { const displayList = this.createDisplayList('add-recipient'); if (req.query.buttonId) { displayList.removeElement(`li.dtp-load-more[data-button-id="${req.query.buttonId}"]`); } Object.assign(res.locals, req.app.locals); res.locals.countPerPage = parseInt(req.query.cpp || "20", 10); if (res.locals.countPerPage < 1) { res.locals.countPerPage = 1; } if (res.locals.countPerPage > 20) { res.locals.countPerPage = 20; } res.locals.pagination = this.getPaginationParameters(req, res.locals.countPerPage); res.locals.comments = await commentService.getForResource( res.locals.post, ['published', 'mod-warn', 'mod-removed', 'removed'], res.locals.pagination, ); const html = await commentService.renderTemplate('commentList', res.locals); const replyList = `ul#post-comment-list`; displayList.addElement(replyList, 'beforeEnd', html); res.status(200).json({ success: true, displayList }); } catch (error) { this.log.error('failed to fetch more commnets', { postId: res.locals.post._id, error }); return res.status(error.statusCode || 500).json({ success: false, message: error.message, }); } } async getView (req, res, next) { const { comment: commentService, resource: resourceService } = this.dtp.services; try { if (res.locals.post.status !== 'published') { if (!req.user) { throw new SiteError(403, 'The post is not published'); } if (!res.locals.post.author._id.equals(req.user._id) && !req.user.flags.isAdmin) { throw new SiteError(403, 'The post is not published'); } } if (res.locals.post.status === 'published') { await resourceService.recordView(req, 'Post', res.locals.post._id, res); } res.locals.countPerPage = 20; res.locals.pagination = this.getPaginationParameters(req, res.locals.countPerPage); if (req.query.comment) { res.locals.featuredComment = await commentService.getById(req.query.comment); } res.locals.comments = await commentService.getForResource( res.locals.post, ['published', 'mod-warn', 'mod-removed', 'removed'], res.locals.pagination, ); res.locals.pageTitle = `${res.locals.post.title} on ${this.dtp.config.site.name}`; res.locals.pageDescription = `${res.locals.post.summary}`; if (res.locals.post.image) { res.locals.shareImage = `https://${this.dtp.config.site.domain}/image/${res.locals.post.image._id}`; } res.render('post/view'); } catch (error) { this.log.error('failed to service post view', { postId: res.locals.post._id, error }); return next(error); } } async getEditor (req, res) { res.render('post/editor'); } async getComposer (req, res, next) { const { post: postService } = this.dtp.services; try { res.locals.post = await postService.createPlaceholder(req.user); res.redirect(`/post/${res.locals.post._id}/edit`); } catch (error) { this.log.error('failed to render post composer', { error }); return next(error); } } async getIndex (req, res, next) { const { post: postService } = this.dtp.services; try { res.locals.pagination = this.getPaginationParameters(req, 20); res.locals.posts = await postService.getPosts(res.locals.pagination); res.render('post/index'); } catch (error) { return next(error); } } async getAuthorView (req, res, next) { const { post: postService } = this.dtp.services; try { res.locals.pagination = this.getPaginationParameters(req, 20); const {posts, totalPostCount} = await postService.getForAuthor(res.locals.author, ['published'], res.locals.pagination); res.locals.posts = posts; res.locals.totalPostCount = totalPostCount; res.render('post/author/view'); } catch (error) { return next(error); } } async getAllAuthorsView (req, res, next) { const { user: userService } = this.dtp.services; try { res.locals.pagination = this.getPaginationParameters(req, 20); const {authors , totalAuthorCount }= await userService.getAuthors(res.locals.pagination); res.locals.authors = authors; res.locals.totalAuthorCount = totalAuthorCount; res.render('post/author/all'); } catch (error) { return next(error); } } async deletePost (req, res) { const { post: postService } = this.dtp.services; try { // only give admins and the author permission to delete if (!req.user.flags.isAdmin) { if (!req.user._id.equals(res.locals.post.author._id)) { throw new SiteError(403, 'This is not your post'); } } await postService.deletePost(res.locals.post); const displayList = this.createDisplayList('add-recipient'); displayList.navigateTo('/'); res.status(200).json({ success: true, displayList }); } catch (error) { this.log.error('failed to remove post', { newletterId: res.locals.post._id, error }); return res.status(error.statusCode || 500).json({ success: false, message: error.message, }); } } } module.exports = { slug: 'post', name: 'post', create: async (dtp) => { let controller = new PostController(dtp); return controller; }, };