forked from projects/fipamo
345 lines
11 KiB
JavaScript
345 lines
11 KiB
JavaScript
var express = require('express');
|
|
import DateUtils from '../../tools/utilities/DateUtils';
|
|
import StringUtils from '../../tools/utilities/StringUtils';
|
|
import RightsManager,
|
|
{
|
|
TASK_CREATE,
|
|
TASK_UPDATE,
|
|
TASK_READ,
|
|
TASK_DELETE,
|
|
OBJECT_CLIENT_ADMIN,
|
|
OBJECT_CLIENT_USER,
|
|
OBJECT_PROJECT_CLIENT,
|
|
OBJECT_PROJECT_FOLIO,
|
|
OBJECT_BOOKMARK,
|
|
OBJECT_POST
|
|
}
|
|
from '../../tools/utilities/RightsManager';
|
|
var router = express.Router();
|
|
var multer = require('multer');
|
|
var fs = require('fs-extra');
|
|
var Models = require('../../models');
|
|
var uuidv4 = require('uuid/v4');
|
|
var md = require('markdown-it')('commonmark');
|
|
var sanitize = require('sanitize-html');
|
|
const dateUtils = new DateUtils();
|
|
const stringUtils = new StringUtils();
|
|
const rightsManager = new RightsManager();
|
|
var uploadPath = "./content/blog-images/" + dateUtils.getDate('year', new Date()) + "/" + dateUtils.getDate('month', new Date());
|
|
fs.ensureDir(uploadPath, function(err)
|
|
{
|
|
//console.log(err) // => null
|
|
// dir has now been created, including the directory it is to be placed in
|
|
})
|
|
var storage = multer.diskStorage(
|
|
{
|
|
destination: function(req, file, cb)
|
|
{
|
|
cb(null, uploadPath)
|
|
},
|
|
filename: function(req, file, cb)
|
|
{
|
|
var splice = file.originalname.split(':');
|
|
cb(null, splice[0]);
|
|
}
|
|
});
|
|
var feature_upload = multer(
|
|
{
|
|
storage: storage
|
|
}).array('feature_image');
|
|
var post_upload = multer(
|
|
{
|
|
storage: storage
|
|
}).array('post_image');
|
|
/***
|
|
ADD POST
|
|
*/
|
|
router.post('/add', function(req, res, next)
|
|
{
|
|
if (!req.session.user) return res.json(
|
|
{
|
|
message: "You need to be logged in, champ."
|
|
});
|
|
Models.User.findById(req.session.user.id).then((user) =>
|
|
{
|
|
if (rightsManager.check(user.role, OBJECT_POST, TASK_CREATE))
|
|
{
|
|
feature_upload(req, res, function(err)
|
|
{
|
|
if (err)
|
|
{
|
|
res.json(
|
|
{
|
|
message: err
|
|
});
|
|
throw err;
|
|
}
|
|
else
|
|
{
|
|
var postImages = [];
|
|
if (req.files != "")
|
|
{
|
|
for (let i = 0; i < req.files.length; i++)
|
|
{
|
|
postImages.push(req.files[i].path);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
console.log("NOTHING TO SAVE");
|
|
}
|
|
Models.Post.sync().then(f =>
|
|
{
|
|
var html = req.body.post_plaintext;
|
|
html = html.replace(/<\/?span[^>]*>/g, ""); //removes highightjs styling
|
|
console.log("REGULAR: " + html);
|
|
let buffed = sanitize(html,
|
|
{
|
|
allowedTags: ['del', 'a', 'iframe', 'img'],
|
|
allowedAttributes:
|
|
{
|
|
a: ['href', 'name', 'target'],
|
|
img: ['src'],
|
|
iframe: ['height', 'width', 'src', 'frameborder', 'allow', 'allowfullscreen']
|
|
}
|
|
})
|
|
buffed = stringUtils.decodeHTML(buffed)
|
|
Models.Post.create(
|
|
{
|
|
uuid: uuidv4(),
|
|
title: req.body.title,
|
|
slug: req.body.slug,
|
|
plaintext: buffed,
|
|
tags: req.body.tags,
|
|
page: req.body.status_page,
|
|
featured: req.body.status_feature,
|
|
published: req.body.status_published,
|
|
author_id: req.session.user.id,
|
|
origin_date: new Date(req.body.origin_date),
|
|
html: md.render(buffed,
|
|
{
|
|
html: true,
|
|
xhtmlOut: true,
|
|
}),
|
|
feature_image: JSON.stringify(postImages)
|
|
}).then(saved =>
|
|
{
|
|
res.json(
|
|
{
|
|
message: "postAdded",
|
|
postID: saved.slug
|
|
});
|
|
}).catch(err =>
|
|
{
|
|
console.log(err)
|
|
})
|
|
})
|
|
}
|
|
});
|
|
}
|
|
else
|
|
{
|
|
res.json(
|
|
{
|
|
message: "Nah. You can't do that. Talk to the admin, sport."
|
|
});
|
|
}
|
|
});
|
|
});
|
|
/***
|
|
UPDATE POST
|
|
*/
|
|
router.post('/update/:id', function(req, res, next)
|
|
{
|
|
//console.log(req.body);
|
|
if (!req.session.user) return res.json(
|
|
{
|
|
message: "You need to be logged in, champ."
|
|
});
|
|
Models.User.findById(req.session.user.id).then((user) =>
|
|
{
|
|
if (rightsManager.check(user.role, OBJECT_POST, TASK_UPDATE))
|
|
{
|
|
feature_upload(req, res, function(err)
|
|
{
|
|
if (err)
|
|
{
|
|
res.json(
|
|
{
|
|
message: err
|
|
});
|
|
throw err;
|
|
}
|
|
else
|
|
{
|
|
var postImages = [];
|
|
if (req.files != "")
|
|
{
|
|
for (let i = 0; i < req.files.length; i++)
|
|
{
|
|
postImages.push(req.files[i].path);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
console.log("NOTHING TO SAVE");
|
|
}
|
|
Models.Post.findOne(
|
|
{
|
|
where:
|
|
{
|
|
id: req.params.id
|
|
}
|
|
}).then(post =>
|
|
{
|
|
if (postImages.length == 0) postImages = JSON.parse(post.feature_image);
|
|
var html = req.body.post_plaintext;
|
|
html = html.replace(/<\/?span[^>]*>/g, ""); //removes highightjs styling
|
|
let cleaned = sanitize(html,
|
|
{
|
|
allowedTags: ['del', 'a', 'iframe', 'img'],
|
|
allowedAttributes:
|
|
{
|
|
a: ['href', 'name', 'target'],
|
|
img: ['src'],
|
|
iframe: ['height', 'width', 'src', 'frameborder', 'allow', 'allowfullscreen']
|
|
}
|
|
})
|
|
cleaned = stringUtils.decodeHTML(cleaned)
|
|
post.update(
|
|
{
|
|
title: req.body.title,
|
|
slug: req.body.slug,
|
|
plaintext: cleaned,
|
|
origin_date: new Date(req.body.origin_date),
|
|
tags: req.body.tags,
|
|
page: req.body.status_page,
|
|
featured: req.body.status_feature,
|
|
published: req.body.status_published,
|
|
html: md.render(cleaned,
|
|
{
|
|
html: true,
|
|
xhtmlOut: true
|
|
}),
|
|
feature_image: JSON.stringify(postImages)
|
|
}).then(updated =>
|
|
{
|
|
res.json(
|
|
{
|
|
message: "postUpdated"
|
|
});
|
|
}).catch(err =>
|
|
{
|
|
console.log(err)
|
|
res.json(
|
|
{
|
|
message: "postError",
|
|
error: err
|
|
});
|
|
})
|
|
}).catch(err =>
|
|
{
|
|
//console.log(err)
|
|
res.json(
|
|
{
|
|
message: "postError",
|
|
error: err
|
|
});
|
|
})
|
|
}
|
|
});
|
|
}
|
|
else
|
|
{
|
|
res.json(
|
|
{
|
|
message: "Nah. You can't do that. Talk to the admin, sport."
|
|
});
|
|
}
|
|
});
|
|
});
|
|
/***
|
|
POST IMAGE
|
|
*/
|
|
router.post('/add-post-image', function(req, res, next)
|
|
{
|
|
//console.log(req.body);
|
|
if (!req.session.user) return res.json(
|
|
{
|
|
message: "You need to be logged in, champ."
|
|
});
|
|
Models.User.findById(req.session.user.id).then((user) =>
|
|
{
|
|
if (rightsManager.check(user.role, OBJECT_POST, TASK_CREATE))
|
|
{
|
|
post_upload(req, res, function(err)
|
|
{
|
|
if (err)
|
|
{
|
|
//console.log('Error in Saving Entry: ' + err);
|
|
res.json(
|
|
{
|
|
message: err
|
|
});
|
|
throw err;
|
|
}
|
|
else
|
|
{
|
|
var postImage = req.files[0].path;
|
|
return res.json(
|
|
{
|
|
message: "post image added",
|
|
url: postImage.substr(7, postImage.length)
|
|
});
|
|
}
|
|
});
|
|
}
|
|
else
|
|
{
|
|
res.json(
|
|
{
|
|
message: "Nah. You can't do that. Talk to the admin, sport."
|
|
});
|
|
}
|
|
});
|
|
});
|
|
router.post('/delete/:id', function(req, res, next)
|
|
{
|
|
if (!req.session.user) return res.json(
|
|
{
|
|
message: "You need to be logged in, champ."
|
|
});
|
|
Models.User.findById(req.session.user.id).then((user) =>
|
|
{
|
|
if (rightsManager.check(user.role, OBJECT_POST, TASK_DELETE))
|
|
{
|
|
Models.Post.findOne(
|
|
{
|
|
where:
|
|
{
|
|
id: req.params.id
|
|
}
|
|
}).then(post =>
|
|
{
|
|
post.destroy().then(deleted =>
|
|
{
|
|
res.json(
|
|
{
|
|
message: "postDeleted"
|
|
});
|
|
})
|
|
}).catch(err =>
|
|
{
|
|
console.log(err);
|
|
})
|
|
}
|
|
else
|
|
{
|
|
res.json(
|
|
{
|
|
message: "Nah. You can't do that. Talk to the admin, sport."
|
|
});
|
|
}
|
|
});
|
|
});
|
|
module.exports = router; |